I sort of disagree. Not necessarily that it was the wrong choice to invest your security resources elsewhere—I think your threat model is approximately correct—but I disagree that it’s wrong to invest in that part of your stack.
I do not know what the difference here is. Presumably one implies the other?
Tale: Today it may be best, to invest elsewhere. But not forever. Security against a dedicated adversary is not always and forever impossible, but a result of continuous investment that is a) eventually achieved, b) requires continuing work going forward (bugs are discovered in resources once thought secure and need patching, malware and threats change, etc.)
In other words, just because it’s not your top priority, doesn’t mean it shouldn’t be improved a little bit, now and then. i.e. the difference between 0% and 5% of invested effort, compounds over time.
I do not know what the difference here is. Presumably one implies the other?
Epistemic note: I’m not Taleuntum.
I think the difference is:
Tale: Today it may be best, to invest elsewhere. But not forever. Security against a dedicated adversary is not always and forever impossible, but a result of continuous investment that is a) eventually achieved, b) requires continuing work going forward (bugs are discovered in resources once thought secure and need patching, malware and threats change, etc.)
In other words, just because it’s not your top priority, doesn’t mean it shouldn’t be improved a little bit, now and then. i.e. the difference between 0% and 5% of invested effort, compounds over time.