💥

Mistakes

Part of a collection of essays on TRUST by @futurepaul

What happens if you make a mistake? Betray trust? Here’s some quality advice from Jocko:

  1. Apologize and own it. No caveats, no “but.”
  2. You’re automatically regaining trust until you lie again.

There’s actually interesting research into how mistakes relate to trust in the “trust games” literature. These are simple non-zero-sum games, sort of like the prisoner’s dilemma, which can be approached with various tactics. Repeated games give the opportunity to see how various tactics work over time. Does it pay off to always cooperate? To always betray? Or to adjust your behavior according to your counterparty’s past actions?

Mistakes add some additional spice to these tactics. A “mistake” in a game is when, for instance, a player attempts to cooperate but accidentally hits the betray button. How do you distinguish an “honest” mistake from a malicious actor? You’ll probably have to play some more games to find out.

But this got me thinking about trust in the cybersecurity setting. In information security there’s the “principle of least privilege”:

An important logical control that is frequently overlooked is the principle of least privilege, which requires that an individual, program or system process not be granted any more access privileges than are necessary to perform the task.

One example of this is how passwords are “stored” in modern systems: a good system doesn’t store the password itself, but some sort of one-way hash of the password. If the system is compromised somehow, the passwords don’t leak. The system is still a trusted system, but the trust surface is wisely minimized so that the worst case scenario isn’t the worst case scenario.

Posted Sep 5, 2022