Definitely agree from a technical perspective. But I do think it was marginally successful in translating technical risk to business risk, which is something that hadn't been done very well previously and did drive a lot of investment into 'security'.
Unfortunately the security industry somewhat predictably responded with snake oil and bullshit that were predictably countered with overpriced Big N assessments, but that's another story.
Unfortunately the security industry somewhat predictably responded with snake oil and bullshit that were predictably countered with overpriced Big N assessments, but that's another story.