Vulnerability equilibrium

A state in which every vulnerability in a system is about as easy to exploit as the others.
The classic bike lock example demonstrates this principle:
Consider a bike lock with a thick cable and a 4-digit numeric lock.
This system is at vulnerability equilibrium because the lock is about as vulnerable to a lock-picker or a brute-force number guesser as the cable is to a clipper.
The system can lose equilibrium if either component is swapped for a more or less secure alternative, for example, by changing the lock for a retinal scanner or the cable for a string.
As security systems and devices move towards vulnerability equilibrium, many factors influence the presence of security features. In the bike lock example, the largest factor might be cost.
History of the Phrase:
This phrase was first described by Scott Delly on November 18, 2009, in a discussion with a colleague about security vulnerabilities of systems.
His colleague comments: Many people who know better consider this an idea so obvious as to be not worth naming. Furthermore, the excessively technical wording obfuscates the very simple concept underlying it, namely, that a chain is as strong as the weakest link.
 