The answer was obviously 50%.

The chance of any child being a girl is 50% (plus or minus some small demographic deviation), so the chance of any child who happens to be one of twins being a girl is 50%. Thus, the chance of one *particular* child of a set of twins (firstborn, second-born) being a girl is 50%.

As is the chance of *only* one of a set of twins being a girl.

But, what you were asking was, what is the chance of *at least* one of a set of twins being a girl? Which is, as Richard illustrates, 75%.

But that’s not the way I’d initially read what you wrote.

This illustrates another reason why we’re not better at security: We don’t always ask precisely the right questions. Attackers exploit ambiguities!

— Ant

Can’t continue to rise you say? What if the threat rises? I think a good assumption is that security spending rises in some relation to threats. Compliance is always a driver but somewhat discretionary. After all the PCI police are not very diligent. Let alone the COBIT or ITIL enforcement agencies.

So what percent of spending on home improvements is security related? In Ottawa or Birmingham, Michigan it is pretty small. I replaced a lock set when we bought our house. ($26 out of umpty gagillion spent on paint and blinds). Yet in parts of Johannesburg, South Africa, people need to maintain ten foot walls topped by razor wire around their community, ten foot fences around their houses, and rape gates at the top of the stairs.

What happens if cyber criminals, terrorists, and nation states actually start attacking the enterprise? What will security spending look like then? A lot more than is spent on patch management and AV today.