Interesting People mailing list archives

WH Cyberspace Security Review (PDF)


From: David Farber <dave () farber net>
Date: Fri, 29 May 2009 21:12:34 -0400



Begin forwarded message:

From: Ross Stapleton-Gray <ross () stapleton-gray com>
Date: May 29, 2009 8:27:04 PM EDT
To: dave () farber net, karl () cavebear com
Subject: Re: [IP] WH Cyberspace Security Review (PDF)

At 04:52 PM 5/29/2009, Karl Auerbach <karl () cavebear com> wrote:
How about making authors and vendors of software liable for software
flaws?  (It ought to be liability subject to a negligence standard
that can evolve and become more strict as the standard of care
improves in response to the threat of liability.)
...
Today we build software and network protocols in a way that, were they
biological entities, they would probably fail in the evolutionary
competition because they are too brittle.

It occurs to me that the state of information security, under past and present U.S. policy, very much resembles the economy, c. last summer: in the name of keeping the bubble of expansion going, we've been whistling in the dark, allowing or promoting growth without commensurate investment in robustness. Yes, if we did what Karl suggests, and established liability for software and systems, we'd see a contraction... fewer apps would be created atop fewer interesting hooks and wildcatting APIs; the operating system vendor (you know who you are) would focus on a more secure and smaller kernel rather than throwing everything up against the wall to see what sticks in the market, etc. But we've really got to do it, and before the bubble we've been building pops.

What's really alarming is that the prime reason we've not seen crippling disruption of this whole creaky, overbuilt "info shantytown" is likely that the many people able to do it have concluded there's more money to be made in phishing, spamming, and other mischief.

But sooner or later, I suspect, someone will decide to kick a lot of it down, either for gain (e.g., shorting the market and then spending a few thousand dollars on botnet services to crash the economy, akin to poaching a dozen deer by setting all of Yellowstone alight) or for the sheer nihilistic fun of it.

Ross


----
Ross Stapleton-Gray, Ph.D.
Stapleton-Gray & Associates, Inc.
http://www.stapleton-gray.com
