Security Semantics
Over the past several weeks a colleague and I have embarked on a mission that is probably akin to finding a sea route to the Indies in the 15th century. We call it a security ontology. I think this is a decent label. Since we’ve been trying to redefine and/or correct some of the old-school security maxims and practices for the past 4 years or so, we thought, what better way than to revisit terminology? We could place that terminology within its semantic domain and, most importantly, map the relationships between these terms. In the end, we could all speak a similar language and sort of create our own linguistic community. It’s almost an experiment in more ways than one.

Security terminology has always been an organic evolution. Hutton and Mortman would call this anarchy. I don’t know if I’d go *that* far, but it does catch the eye. So far, this project has gotten us through an information system model (necessary since that is usually an object of desire in most cases), typical vulnerability, adversary and attack language, and now we’re right in the middle of everyone’s favorite, risk. Hopefully we’re not stuck in the Bermuda Triangle for too long.

One of the primary epistemological measurements (or epistemic justification) that we’ll be using to determine if it “works” is coherence, or how well the individual pieces connect together to form a system of knowledge. Yes, it has its flaws, but I think this is a good first step. Anyone else working on something like this?