Dailydave mailing list archives
Re: Lap Dances for All
From: <halvar () gmx de>
Date: Wed, 2 Mar 2005 23:28:07 -0800
Hey all, just to chip in a few cents:Right now, there is no way for a customer to judge the security of a closed-source software product, and thus we have a classical market failure where more secure software is driven out of the market (as it is more expensive to build, thus more expensive to sell and the customer will buy the cheaper product since he can't see the difference).
It is clear that we thus need to "link" the risk of widespread attacks using unknown
vulnerability back into the market. I see two avenues of doing this:1. Make the software industry liable for damages from worms etc. -- obviously, they
would have to buy insurance for this2. Create a market for vulnerabilities where the folks that find bugs have a place to go
and get paid for their workI seriously wonder which one of the above two options software vendors like better. And the next time some vendor tries to tell you it is unethical to sell bugs, ask him which of the
two options he prefers. Cheers,Halvar
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Lap Dances for All Dave Aitel (Mar 02)
- Re: Lap Dances for All Adam Shostack (Mar 02)
- Re: Lap Dances for All Rodney Thayer (Mar 02)
- Re: Lap Dances for All Andre Ludwig (Mar 02)
- Re: Lap Dances for All dan (Mar 02)
- Re: Lap Dances for All Andre Ludwig (Mar 02)
- Re: Lap Dances for All Rodney Thayer (Mar 02)
- Re: Lap Dances for All Jason (Mar 02)
- Re: Lap Dances for All halvar (Mar 02)
- Re: Lap Dances for All Jason (Mar 03)
- Re: Lap Dances for All Adam Shostack (Mar 03)
- Re: Lap Dances for All Andre Ludwig (Mar 02)
- <Possible follow-ups>
- RE: Lap Dances for All Maynor, David (ISS Atlanta) (Mar 02)
- Re: Lap Dances for All Chris Wysopal (Mar 03)
- Re: Lap Dances for All dan (Mar 03)
- RE: Lap Dances for All surreal (Mar 03)
- RE: Lap Dances for All Chris Wysopal (Mar 03)
- Re: Lap Dances for All Adam Shostack (Mar 03)
- RE: Lap Dances for All security curmudgeon (Mar 04)
- RE: Lap Dances for All Chris Wysopal (Mar 03)