I caught three of my fingers in a tablesaw this last weekend, which caused a severe hand injury, mangling my fingers, tearing off my fingernails, and breaking the bones. It was pretty terrible, but luckily the hand surgeon says I should have a complete recovery in a few months.
Me being me, this got me thinking about some of the things that I could've done to mitigate the injury before it happened. It struck me that the threat modeling I was doing for my own physical safety, is analogous to a lot of the recommendations and guidance that I give companies for software security. In my case, my recommendations to myself boil down to the importance of focus while performing monotonous tasks, and the necessity for defense in depth.
My injury was due to four primary mistakes.
I had been cutting larger pieces of wood on the tablesaw earlier in the day, and as a result the blade was too high for the smaller pieces I was cutting at the time of the accident. That was mistake number one.
Like many tablesaw users, I had removed the blade guard from the tablesaw long ago so that the blade was exposed. That was mistake number two.
It's relatively cold here in Seattle and especially in my garage so I was wearing a pair of work gloves while I used the saw. Perhaps surprisingly, that was mistake number three. The saw caught the glove and pulled my hand into the blade as well as slamming it into the table, breaking the bones.
While I usually make every cut on my table saw with close attention, this time I was making a lot of the same cut, cutting a large number of small slats that would become the seat and back of a small chair, and as a result my attention wandered. This monotonous task had my complete attention for the first two or three cuts, but after the 12th identical cut I wasn't focusing as much on each cut as I should've been. That was mistake number four.
These four mistakes can be broken into two categories. First, the importance of paying attention to monotonous tasks, regardless of whether it's the first time you've done it or the 15th. Second, the importance of using defense in depth for safety and security, so that when mistakes inevitably happen the risk is mitigated by the other defenses in place.
We talk a lot about defense in depth in software security, for example the importance of properly doing input validation in addition to using parameterized queries or stored procedures to mitigate SQL injection. Another example of defense in depth might be to encrypt data at rest on servers even when there is no method of direct access. I can apply the same thinking when using my tablesaw. Had I kept the blade guard on, removed my gloves, and made sure to adjust the blade before every cut, I may not have suffered the same injury.
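To make the software side of that comparison concrete, here is an added example (not code from the original post) showing the two layers the paragraph names: an allow-list input validation check and a parameterized query, next to the string-concatenation version they replace. The database, table and user rows are constructed for the example; `USERNAME_RE`, `lookup_unsafe`, `lookup_param_only` and `lookup_safe` are names chosen here. The point of keeping both layers is the same as keeping the blade guard on and the gloves off: if one layer is skipped (a code path that forgets to validate), the other still turns a malformed input into nothing worse than an empty result.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory database with two sample users (example data only)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_unsafe(conn, username):
    """No defenses: the input is spliced into the SQL text, so quote characters
    in it change the meaning of the statement (the classic SQL injection)."""
    query = (
        "SELECT username, email FROM users WHERE username = '" + username + "'"
    )
    return conn.execute(query).fetchall()


# Layer one: an allow-list for what a username may look like (assumed policy:
# lowercase letter first, then letters, digits or underscores, 3 to 32 chars).
USERNAME_RE = re.compile(r"^[a-z][a-z0-9_]{2,31}$")


def validate_username(username):
    """Reject anything outside the allow-list before it reaches the database."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    return username


def lookup_param_only(conn, username):
    """Layer two on its own: the driver binds the value as data, never as SQL.
    Even a caller that skipped validation gets no injection here."""
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def lookup_safe(conn, username):
    """Both layers together: validate first, then query with a bound parameter."""
    return lookup_param_only(conn, validate_username(username))


if __name__ == "__main__":
    db = make_db()
    textbook_bad_input = "x' OR '1'='1"   # constructed malformed input
    print("unsafe, normal input:", lookup_unsafe(db, "bob"))
    print("unsafe, bad input:   ", lookup_unsafe(db, textbook_bad_input))
    print("param only, bad input:", lookup_param_only(db, textbook_bad_input))
    print("safe, normal input:  ", lookup_safe(db, "bob"))
    try:
        lookup_safe(db, textbook_bad_input)
    except ValueError as exc:
        print("safe, bad input rejected:", exc)
```

Run as-is and the unsafe lookup returns every row for the malformed input while the parameterized lookup returns none and the validated lookup refuses it outright; that difference between the three functions is the whole argument for keeping more than one guard in place.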
When you get too comfortable, mistakes happen. With continuous integration and continuous deployment, developers might deploy code to production systems multiple times per day. When this happens, it's possible the developer may not take the deployment process as seriously as they might if the deployment process took longer and only happened every six months. However, even though there are more frequent deployments, there is the same level of responsibility to perform the correct level of quality assurance and deployment hygiene as there would be with less frequent deployments. I can apply the same thinking to my tablesaw by ensuring that every cut I make gets the same level of attention as the first one.
In software security, as in life, the same mistakes can have different outcomes. It's easy to fall into the thinking that just because a mistake hasn't been made yet, a breach hasn't happened yet, or an injury hasn't happened yet, the likelihood is less. However, the likelihood remains the same as long as the risky behavior stays the same. When that mistake finally does occur, the failure, breach, or injury might be of a different severity. In my case I got very lucky and will suffer no permanent damage after my injury. After a breach, a company may not suffer any permanent damage to the organization or stock price, but every mistake is an opportunity to improve.
My final takeaway? Count your blessings that the damage isn't worse, and make sure that it doesn't happen again.
P.S. This entire post was dictated! (And thankfully edited by my colleague Jason.)