Skipping security is human nature
"A vulnerability is only a vulnerability when it gets exploited, someone cares about it and I'm going to get caught," said the formula's creator Chris Wood, regional director for Australia and New Zealand at security vendor Sourcefire.
"If those three things don't exist, then I have very little drive to [fix] those vulnerabilities," he said. IT managers instead focus on areas where there's more pressure, such as connecting the ever-increasing number of smartphones and tablets.
In this week's Patch Monday podcast, Wood explains his formula, and extends it with an IT version of psychologist Abraham Maslow's hierarchy of human needs, and uses that framework to explain how to support his call for more adaptive defensive techniques.