Deworming the Internet -- addressing market failure in computer security

[David Farber <dave () farber net>]

Begin forwarded message:

From: Douglas Barnes <salguod () mail utexas edu>
Date: November 20, 2004 10:48:55 AM EST
To: dave () farber net
Subject: Deworming the Internet -- addressing market failure in  
computer security


Dave--

I thought IP folks might be interested in a paper I've written which is  
just
now available on SSRN.  In part it's a response to the periodic calls  
for
"liability" (notably from Bruce Schneier) as a mechanism for solving
computer problems.  The upshot is that I think Bruce is right that  
there is
a need for a regulatory response, but that extending, say, tort  
liability to
software would be a disaster.  In addition to my more complicated law &
economics argument for why this is, I point out in passing that ordinary
tort liability could crush open source software, which has the  
potential to
act as a positive force in addressing the underlying market failure.

Links and abstract below.  Comments welcome.

Cheers,

Douglas Barnes

===========

http://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID622364_code402123.pdf? 
abstra
ctid=622364&mirid=1 or http://papers.ssrn.com/abstract=622364

Abstract:
Both law enforcement and markets for software standards have failed to  
solve
the problem of software that is vulnerable to infection by
network-transmitted worms. Consequently, regulatory attention should  
turn to
the publishers of worm-vulnerable software. Although ordinary tort  
liability
for software publishers may seem attractive, it would interact in
unpredictable ways with the winner-take-all nature of competition among
publishers of mass-market, internet-connected software. More tailored
solutions are called for, including mandatory "bug bounties" for those  
who
find potential vulnerabilities in software, minimum quality standards  
for
software, and, once the underlying market failure is remedied,  
liability for
end users who persist in using worm-vulnerable software.


-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/