Hacker News | cookie-monster's comments

Cool, glad to see a focus on risk. It's quite important, often overlooked.

Spot on that the security industry (and IMHO many internal security departments) often focus on technical vs. business risk. Who needs risk management when you have fancy sound bites and scary sounding technical jargon?

Pedantic nitpick: Death statistics slide asks 'what could a billion $ do for these causes?' The question is more... what would Takata / Honda have done with the time and resources from the outcome.

Cheers!


From the company's point of view (purely pathological) the 'cost' of the injuries would be damage to their brand, lawsuits etc. That should be taken into account.

Ethically though I think the recall was the right thing to do. And presumably the sooner they do it the better for everyone?

Another interesting 'risk' to look at is given some evidence that your product may be defective, what is the probability that it actually is defective (upon further tests). And whether to test 'under the radar' or be transparent about the problem. (Putting ethics to one side for a moment).


What does 'not designed to be exploratory' mean? How many scripting and shell languages have the introspection that comes with PowerShell, from .NET reflection to simple abstractions like 'Get-Member'? How common is a prescribed and thus simple to discover naming convention such as verb-noun?

I would love to see it in other ecosystems, and the prediction that PS could go open source, along with the recent open sourcing of .NET core and CoreCLR, gives me hope.

Cheers!

