Reuters reports that the police convicted Crippen on false evidence:
A team led by John Trestrail, head of the regional poison centre in Grand Rapids, Michigan, took mitochondrial DNA — genetic material passed on through the mother — from a tissue sample from the corpse kept in a London museum.
They then compared it with samples from three of Cora Crippen’s female descendants, found after a 7-year search.
“That body was not Cora Crippen’s,” said David Foran, a forensic biologist at Michigan State University. “We don’t know who that body was or how it got there.”
As I read this I thought about an incident I had to investigate recently.
Business executives, as expected, quickly wanted a summary of events and then to move on in their work. They threw some opinions around and weighed in before the facts were fully known, as if making a decision about general operational risks.
The security team, on the other hand, wanted to study the data and come to a reliable understanding of the threat as well as vulnerabilities before letting the case be closed.
You can guess which one carries more weight in the average corporate environment. Let me try to put it a different way:
If the job is to keep the business processes firing (like pistons in an engine) then reactions will be necessarily oriented to moving things along without delay. If the job is to keep the business running (like avoiding a cliff) then delay might be warranted if danger is ahead.
Why did a team want to research the Crippen case? Curiosity and doubt about the accuracy of conviction, surely, which is also the sort of quality you should seek in security teams who will be faced with incident response and investigation.