Secure Coding mailing list archives

Economics of Software Vulnerabilities


From: coley at linus.mitre.org (Steven M. Christey)
Date: Tue, 20 Mar 2007 00:55:02 -0400 (EDT)


On Mon, 19 Mar 2007, Crispin Cowan wrote:

> Since many users are economically motivated, this may explain why users
> don't care much about security :)

But... but... but...

I understand the sentiment, but there's something missing in it.  Namely,
that the costs related to security are not really quantifiable yet, so
consumers are not working with the best information.  Then there's simple
lack of understanding, such as that exemplified by an individual consumer -
their computer gets really bogged down and slow, and they don't know
what's happening, so they go buy a new computer, when it was "just" a ton
of spyware from surfing habits that they didn't know were unsafe, or they
were running some zombie that was sucking up all their bandwidth for warez
distribution.

> Eventually I think they'll get fed up and there'll be a consumer uprising.

> Why do you think it will be an uprising? Why not a gradual shift of the
> vendors just getting better, exactly as fast as the users need them to?

I really really wish for an uprising, but unfortunately I'm not too
optimistic right now.  Off the top of my head, I can't think of any
consumer uprisings in other industries, although the US' recent decline in
fuel-inefficient vehicles is sort of close.  Didn't some large
brick-and-mortar companies heavily criticize the software industry a
couple years ago?  I don't know how that played out.

- Steve
