Secure Coding mailing list archives
Subject: Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading
From: robert at webappsec.org (robert at webappsec.org)
Date: Thu, 29 Nov 2007 18:52:27 -0500 (EST)
I think many companies are working on making their code more secure; however, without some sort of penalty to the business, the others aren't going to invest in security. This in particular is why I like what PCI has done (as an example), enforcing 'some' bare requirements/penalties for not doing so. While it isn't perfect, it's something.

I've spoken with a few organizations debating penalizing a developer financially if they have vulnerabilities in their code. It is actually pretty difficult to enforce without the proper training/policies/procedures in place. I think if a tax existed this would force companies to develop these sorts of programs, since it will most likely be less expensive than paying the fine.

My $1.50

Regards,
- Robert Auger
http://www.webappsec.org/
http://www.cgisecurity.com/
Kenneth R. van Wyk wrote:

FYI, there's a provocative article over on Dark Reading today.

http://www.darkreading.com/document.asp?doc_id=140184

The article quotes David Rice, who has a book out called "Geekconomics: The Real Cost of Insecure Software". In it, he tried to quantify how much insecure software costs the public and, more controversially, proposes a "vulnerability tax" on software developers. He believes such a tax would result in more secure software.

IMHO, if all developers paid the tax, then I can't see it resulting in anything other than more expensive software... Perhaps I'm just missing something, though.

Cheers,

Ken
-----
Kenneth R. van Wyk
SC-L Moderator
KRvW Associates, LLC
http://www.KRvW.com
Current thread:
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading Kenneth Van Wyk (Nov 29)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading Leichter, Jerry (Nov 29)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading der Mouse (Nov 29)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading Leichter, Jerry (Nov 30)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading der Mouse (Nov 30)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading Shea, Brian A (Nov 30)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading Steven M. Christey (Nov 30)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading Andre Gironda (Dec 01)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading der Mouse (Nov 29)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading Leichter, Jerry (Nov 29)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading Blue Boar (Nov 29)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading silky (Nov 29)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading Steven M. Christey (Nov 30)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading Andre Gironda (Dec 01)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading silky (Dec 02)
- Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading Pete Werner (Dec 04)