Interesting People mailing list archives
WH Cyberspace Security Review (PDF)
From: David Farber <dave () farber net>
Date: Fri, 29 May 2009 21:12:34 -0400
Begin forwarded message:

From: Ross Stapleton-Gray <ross () stapleton-gray com>
Date: May 29, 2009 8:27:04 PM EDT
To: dave () farber net, karl () cavebear com
Subject: Re: [IP] WH Cyberspace Security Review (PDF)

At 04:52 PM 5/29/2009, Karl Auerbach <karl () cavebear com> wrote:
How about making authors and vendors of software liable for software flaws? (It ought to be liability subject to a negligence standard that can evolve and become more strict as the standard of care improves in response to the threat of liability.) ... Today we build software and network protocols in a way that, were they biological entities, they would probably fail in the evolutionary competition because they are too brittle.
It occurs to me that the state of information security, under past and present U.S. policy, very much resembles the economy, c. last summer: in the name of keeping the bubble of expansion going, we've been whistling in the dark, allowing or promoting growth without commensurate investment in robustness. Yes, if we did what Karl suggests, and established liability for software and systems, we'd see a contraction... fewer apps would be created atop fewer interesting hooks and wildcatting APIs; operating system vendor (you know who you are) would focus on a more secure and smaller kernel rather than throwing everything up against the wall to see what sticks in the market, etc. But we've really got to do it, and before the bubble we've been building pops.
What's really alarming is that the prime reason we've not seen crippling disruption of this whole creaky, overbuilt "info shantytown" is likely that the many people able to do it have concluded there's more money to be made in phishing, spamming, and other mischief.
But sooner or later, I suspect, someone will decide to kick a lot of it down, either for gain (e.g., shorting the market and then spending a few thousand dollars on botnet services to crash the economy, akin to poaching a dozen deer by setting all of Yellowstone alight) or for the sheer nihilistic fun of it.
Ross

----
Ross Stapleton-Gray, Ph.D.
Stapleton-Gray & Associates, Inc.
http://www.stapleton-gray.com