Dailydave mailing list archives
Re: The monetization of information insecurity
From: Michal Zalewski <lcamtuf () coredump cx>
Date: Wed, 10 Sep 2014 08:10:52 -0700
> You want to know what would work? Holding software producers legally liable for their software bugs, because only if they have consequences for their actions will they ever start taking things seriously!
It's a fairly persistent argument, but there is also a range of counterpoints. Perhaps most importantly, liability for damages puts the open source community and small, emerging companies at a distinct disadvantage, whereas large businesses would be likely to just factor it in as a cost of doing business. In that context, it may be also informative to look at the credit card & banking industry; liability for fraudulent charges hasn't really pushed them toward developing particularly safe payment technologies - instead, the cost is just factored in and ultimately passed on to the customer in the form of higher payment processing fees.

I abhor physical-world analogies, but if we're going down that path, it's also worth noting that we seldom hold people accountable for not doing absolutely everything within their power to stop abuse. The builders of your home or the designers of your car are usually not on the hook if somebody breaks in, even though they could have built more of a fortress. The company that makes your cereal is not on the hook if somebody poisons your food down the supply chain, even though they could have used tamper-resistant packaging.

/mz