Funny how one can find usefulness in the weirdest of sources. A post on the WordPress blog discusses security, obviously a subject dear to our heart, blog and investment-wise. At one point the author says: “Upgrading is taking your vitamins; fixing a hack is open heart surgery. (This is true of cost, as well.)”.
Change the post’s subject to “risk management” instead of blog security, and the analogy becomes much more interesting.
In another part of the post, the author quotes another guy discussing security “solutions” and comparing them to car anti-theft measures/ devices:
“The really interesting thing about these approaches, from a game theory perspective, is that they are all Club solutions, not Lojack solutions. There are two basic approaches to protecting your car from theft: The Club (or The Shield, or a car alarm, or something similar), and Lojack. The Club isn’t much protection against a thief who is determined to steal your car (it’s easy enough to drill the lock, or just cut the steering wheel and slide The Club off). But it is effective protection against a thief who wants to steal a car (not necessarily your car), because thieves are generally in a hurry and will go for the easiest target, the low-hanging fruit. The Club works as long as not everyone has it, since if everyone had it, thieves would have an equally difficult time stealing any car, their choice will be based on other factors, and your car is back to being as vulnerable as anyone else’s. The Club doesn’t deter theft, it only deflects it.”
In the end, the author says “WordPress is a community of hundreds of people that read the code every day, audit it, update it, and care enough about keeping your blog safe that we do things like release updates weeks apart from each other even though it makes us look bad, because updating is going to keep your blog safe from the bad guys. (…) We’ve already made upgrading core and plugins a one-click procedure. If we find something broken, we’ll release a fix. Please upgrade, it’s the only way we can help each other.”
Preparing for risk is an everyday task, it’s an attitude, it’s part of the core cultural truths of an asset manager. It’s about taking your vitamins every day.