Secure Coding mailing list archives
Could mandates on disclosing software effects benefit
From: bugtraq at cgisecurity.net (bugtraq at cgisecurity.net)
Date: Thu, 1 Feb 2007 01:10:13 -0500 (EST)
Question is: would it make sense to lobby for disclosure requirements of all writes software does, to whatever, and reasons for them, as conditions to make it fit for sale? Perhaps likewise to be a (or the?) defense against claims the software is doing things to others' machines without authorization? Certainly such lists would require more of everyone installing software, at least in principle (I imagine permission interpreters would alleviate most work), but they would also make it possible for the first time to give trust in an informed way.
People see Microsoft in the news all the time for having vulnerabilities and it isn't stopping them from making money. Regarding websites, myspace and other large online companies have also been bitten and aren't being negatively affected. I think creation of federal guidelines requiring security in the development cycle would be a much more practical way to force people to implement appropriate baseline security measures. To some extent policies such as SOX are starting this process regarding certain types of data or environments. In the majority of cases without the threat of preventing business, you're not going to get people to do anything unless they absolutely need to.

Regards,
- Robert
http://www.cgisecurity.com/
http://www.webappsec.org/
http://www.qasec.com/
Current thread:
- Could mandates on disclosing software effects benefit security? Glenn and Mary Everhart (Jan 31)
- Could mandates on disclosing software effects benefit bugtraq at cgisecurity.net (Jan 31)
- Could mandates on disclosing software effects benefit Glenn and Mary Everhart (Feb 01)
- Could mandates on disclosing software effects benefit bugtraq at cgisecurity.net (Jan 31)