Secure Coding mailing list archives

Re: SearchSecurity: Cyber Security and the Law

From: Jeffrey Walton <noloader () gmail com>
Date: Thu, 2 Aug 2012 10:26:39 -0400

Hi Dr. McGraw,

Cyber Intelligence Sharing and Protection Act (CISPA) passed by
there House in April) has very little to say about building security in.

I'm convinced (in the US) that users/consumers need a comprehensive
set of software liability laws. Consider the number of mobile devices
that are vulnerable because OEMs stopped providing (or never provided)
patches for vulnerabilities. The equation [risk analysis] needs to be
unbalanced just a bit to get manufacturers to act (do nothing is cost
effective at the moment).

Jeff

On Wed, Aug 1, 2012 at 10:28 AM, Gary McGraw <gem () cigital com> wrote:

hi sc-l,

This month's [in]security article takes on Cyber Law as its topic.  The US Congress has been debating a cyber 
security bill this session and is close to passing something.  Sadly, the Cybersecurity and Internet Freedom Act 
currently being considered in the Senate (as an answer to the problematic  Cyber Intelligence Sharing and Protection 
Act (CISPA) passed by there House in April) has very little to say about building security in.

Though cyber law has always lagged technical reality by several years, ignoring the notion of building security in is 
a fundamental flaw.

http://searchsecurity.techtarget.com/opinion/Congress-should-encourage-bug-fixes-reward-secure-systems

Please read this month's article and pass it on far and wide.  Send a copy to your representatives in all branches of 
government.  It is high time for the government to tune in to cyber security properly.


_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

Current thread:

SearchSecurity: Cyber Security and the Law Gary McGraw (Aug 02)
- Re: SearchSecurity: Cyber Security and the Law Jeffrey Walton (Aug 02)
  - Re: SearchSecurity: Cyber Security and the Law Gary McGraw (Aug 02)
    - Re: SearchSecurity: Cyber Security and the Law Greg Beeley (Aug 02)
    - Re: SearchSecurity: Cyber Security and the Law Gary McGraw (Aug 08)
    - Re: SearchSecurity: Cyber Security and the Law Iván Arce (Aug 09)
    - Re: SearchSecurity: Cyber Security and the Law Lucas Ferreira (Aug 09)
    - Re: SearchSecurity: Cyber Security and the Law Iván Arce (Aug 08)