twitter facebook rss

What reporters should know about infosec – press releases

Posted by on November 12, 2016.

Thank you, Kevin. As well as addressing the issue of reporter versus commentator (which we should probably deal with at another time), your piece could be nicely condensed into another principle:

Don’t believe everything you read in press releases.

As noted in my starting article, it is true that reporters have all kinds of pressures of time and economics. One can even postulate a kind of journalistic form of Gresham’s Law, where, since failure to take time to check your facts means you hit the news cycle faster, and since a shorter (and more simplistic) soundbite tends to get repeated more frequently, bad reporting tends to drove out good. (The recent presidential election in the United States being a prime example: numerous studies have noted that false statements and stories were re-reported and repeated much more than real news. David’s noted this as well.)

As noted by Wiley Miller, a reporter’s life is not a happy one.
How reporters start their day at work ...
As the old saying goes, if you know the difference between good advice and bad advice, you don’t need any advice. That’s part of my intent with these postings: to try and provide a little guidance on what advice is good.

As Kevin notes, some lies in press releases are simple to uncover. Questions should be automatic. A link is proposed between a problem with an institution and a piece of malware. First question: who does the malware target? Is it aimed at the bank or the customer? If the customer, then the lie is automatically exposed: the bank isn’t the target. The bank is basically irrelevant: the customer needs to take precautions. That is the story.

Again, as Kevin says, some lies are more subtle, and require either more background, or more questions.

And some stories aren’t exactly lies at all, just someone trying to get attention by reporting what is basically a non-issue. That was the case with the stories that started off my series on quantum computing. What the initial release said was true, just not significant in any way.

So, in a sense, that is one of the things I’m trying to do, here. Point out to reporters, of whatever stripe, how to find out what is important in an infosec story.

Leave a Reply

Your email address will not be published. Required fields are marked *

Submitted in: Perspectives, Rob Slade, Security |