Secure Coding mailing list archives
Economics of Software Vulnerabilities
From: mudge at uidzero.org (mudge)
Date: Wed, 21 Mar 2007 17:39:16 -0400
On Mar 21, 2007, at 3:57 PM, Arian J. Evans wrote:
> Spot on thread, Ed:
>
> On 3/20/07, Ed Reed <ed.reed at aesec.com> wrote:
>
>> Not all of these are consumer uprisings - some are, some aren't - but I think they're all examples of the kinds of economic adjustments that occur in "mature" markets.
>>
>> "Unsafe at any speed" (the triumph of consumer safety over industrial laziness)
>> Underwriter Laboratories (the triumph of the fire insurance industry over shoddy electrical manufacturers)
>> VHS (vs BetaMax - the triumph of content over technology)
Sorry, but I couldn't help but be reminded of an old L0pht topic that we brought up in January of 1999. Having just re-read it I found it still relatively poignant: Cyberspace Underwriters Laboratories[1].

It seems to me that a lot of what was of concern then is still of concern now and without great headway being made over these last 8 years. Some notable items (warning, these are subjective and broad-stroked) have been the commercial world eschewing TCSEC / Common Criteria[2], FIPS 140 being useful for some relatively niche areas and focusing on only portions of a device/component/code, and Trusted Computing really veering away from trusted computing platforms and codebases for classical security compartmentalization and instead focusing on DRM[3].

Just thinking out loud.

cheers,

.mudge

[1] http://packetstormsecurity.org/docs/infosec/cyberul.html
[2] often times due to requiring frameworks and configuration capabilities that end up not being used or too complicated for many people to customize.
[3] back to the thread topic somewhat... being economics based.