First of all, there is some controversy surrounding Parker's Hexad, roughly because it does appear to just be a more detailed model of its parent, the CIA Triad. But looking at the Stride Chart, I have to wonder why Microsoft has chosen six main "threat categories" (not three: CIA), but not the exact same six as the Hexad: Confidentiality, Integrity, and Availability, buffeted by Possession/Control, Authenticity, and Utility. Why Authorization and Non-Repudiation and not Utility and Possession as well? Isn't Non-Repudiation and Authenticity a hair-splitting, English-has-too-many-synonyms type of oversight?
Are security models bankrupt? Has Microsoft (and others, because this Stride Chart is getting head nods) reduced to adding every last security buzzword to their lists? Can the basic security models we use be simplified any further? And, very importantly, where are the logic proofs that formally establish these principles as the foundation upon which all security solutions should be built?
Or, is the security industry so busy building money-making solutions that fundamentals are ignored?