Secure Coding mailing list archives

Re: SearchSecurity: Cyber Security and the Law


From: Iván Arce <ivan.w.arce () gmail com>
Date: Thu, 09 Aug 2012 11:45:35 -0300

Gary,

Could you elaborate a bit more? Specifically, what kind of incentives
do you have in mind? How would they work?

The debate about what to do to improve software security at a national
or larger scale is mostly populated with abstractions and generic ideas
but the enumeration and description of concrete, specific measures to
deploy is notably scant.

-ivan

On 8/3/12 9:32 AM, Gary McGraw wrote:
hi greg,

Good question.  I'm biased of course, but I think a BSIMM-type measurement
is the best way to approach this.  (See http://bsimm.com.)  However,
regardless of measurement I strongly believe that incentives are way
better than regulations and penalties.


_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

