Sourcing Your Information and Facts

If you know anything at all about me, then you know that I rarely have an original thought (ha!). Instead I pull a lot from reading books and other published content, and most of this blog is really about how to put those theoretical ideas into practice, and then show that they actually work. But this raises an interesting point. How do you know WHICH of the content you are consuming is actually valid and correct? I call this “veracity of information”.

Let’s look at an example. If you come across a blog or slide deck that says something like “Minimize your chances of zero-day exploits by implementing a strict and timely patching regimen” of course you’ll easily believe it. This is a widely-held and accepted truth. But let’s say you then come across, “Use passphrases instead of passwords because they are harder to brute force.” I mean, is that true? The author might even cite some sort of study, or another article or blog post. You can spend time chasing down all the leads (and I’ve done that before, it’s actually kinda fun) but what are the factors that make you believe this or not?

Of course, the identity of the author or the medium of publishing is part of that. If it’s anything that Bruce Schneier or Brian Krebs wrote, then there’s a level of trust you get out of the information. Conversely, if you’re reading some random blog from some random person named microtodd, then you need to make sure you take a moment or two to think about what you’ve just read.
