Secure Coding mailing list archives
Economics of Software Vulnerabilities
From: coley at linus.mitre.org (Steven M. Christey)
Date: Tue, 20 Mar 2007 00:55:02 -0400 (EDT)
On Mon, 19 Mar 2007, Crispin Cowan wrote:
Since many users are economically motivated, this may explain why users don't care much about security :)
But... but... but... I understand the sentiment, but there's something missing in it. Namely, that the costs related to security are not really quantifiable yet, so consumers are not working with the best information. Then there's simple lack of understanding, such as that exemplified by an individual consumer - their computer gets really bogged down and slow, and they don't know what's happening, so they go buy a new computer, when it was "just" a ton of spyware from surfing habits that they didn't know were unsafe, or they were running some zombie that was sucking up all their bandwidth for warez distribution.
Eventually I think they'll get fed up and there'll be a consumer uprising.
Why do you think it will be an uprising? Why not a gradual shift of the vendors just get better, exactly as fast as the users need them to?
I really really wish for an uprising, but unfortunately I'm not too optimistic right now. Off the top of my head, I can't think of any consumer uprisings in other industries, although the US' recent decline in fuel-inefficient vehicles is sort of close. Didn't some large brick-and-mortar companies heavily criticize the software industry a couple years ago? I don't know how that played out.
- Steve