Subtractive Security, LLC

Path Erasure Rate (PER)

A clinical metric for measuring architectural efficacy defined as the quantitative reduction of authorized communication paths from a comprehensive baseline to a state of essential-only connectivity.

The Law of Subtractive Risk (Rs)

A fundamental principle of security physics stating that systemic risk is inversely proportional to the Path Erasure Rate, establishing that true resilience is achieved through the elimination of attack surfaces rather than the accumulation of defensive layers.

Read the Original Manuscript:

The Science of Silence: Subtractive Security and the Physics of Defense

ISBN: 979-8995533603

Origin Timeline:

2015 – Conducted the first ever BAS simulation in a hospital setting which led to the first working zero trust implementation is a hospital (https://www.healthcareitnews.com/news/interfaiths-zero-trust-network-protects-against-cyberattacks-saves-2-million)

2016 – Developed the OWASP Secure Medical Device Deployment Standard and Co-authored OWASP Anti-Ransomware Guide (https://owasp.org/www-pdf-archive/SecureMedicalDeviceDeployment.pdf)

2018 – Led the Development of Version 2 of the OWASP Secure Medical Device Deployment Standard (https://cloudsecurityalliance.org/press-releases/2018/08/07/csa-owasp-issue-updated-guidance-for-secure-medical-device-deployment463)

2019 – Presented 2015 work on BAS and zero trust to NIST as a reference architecture (https://www.nccoe.nist.gov/sites/default/files/legacy-files/8_frenz_interfaith_distribution.pdf)

2020 – Published the Evidence-Based Security Framework (https://www.healthtechmagazines.com/taking-an-evidence-based-approach-to-healthcare-security/)