Whether a system is secure or is not secure does always depend on the capabilities of the attacker. An attacker will always attack the weakest spot of a system, according to what is perceived to be the weakest spot by the attacker. So if one wants to develop secure software, one has to hire the very best security architect, few good programmers, as their worst effort will introduce the weakest spot. Then hire as many testers as you can, as their improvement is the sum of all of their efforts.
Another important point is the economics of the attackers. If a large enough fraction of car owners would install an stolen car recovery system, then the stolen car economy completely breaches down, improving general wealth fare for every car owner. The tool for analysis of this kind of problems is game theory and its applications to economics. As solving games is intrinsically hard (in fact almost always NP-hard) we are also looking into machine learning approximation methods. Another important factor are real world data and their interpretation,so statistical data analysis also plays an important role.
|A Game-Theoretic Framework for Safety and Security||Zander, T.||Proceedings of the 2018 Joint Workshop of Fraunhofer IOSB and Institute for Anthropomatics, Vision and Fusion Laboratory. Ed.: J. Beyerer, M. Taphanel, Karlsruher Schriften zur Anthropomatik / Lehrstuhl für Interaktive Echtzeitsysteme, Karlsruher Institut für Technologie ; Fraunhofer-Inst. für Optronik, Systemtechnik und Bildauswertung IOSB Karlsruhe, vol. 40, pp. 67-76, KIT Scientific Publishing, Karlsruhe, 2019.|
|Game-theoretical Model on the GDPR - Market for Lemons?||Zander, T.; Steinbrück, A.; Birnstill, P.||JIPITEC 10 no. 2, pp. 200--208, 2019.|
|Spieltheoretische Modellierung der Verarbeitung personenbezogener Daten||Zander, T.; Steinbrück, A.; Birnstill, P.||Datenschutz und Datensicherheit - DuD 43, pp. 270-275, 2019.|