On the other hand, if everybody who wrote, shipped or administered insecure systems were liable including open source, you would think large institutions would have an advantage. It's surprising Microsoft doesn't support broad liability for security holes (or maybe this is the next phase after Palladium). Microsoft could just buy insurance against this liability anyway. And this gets to Bruce's real solution: that with insurance and liability for security holes, there will be a free market for security. Companies could sell secure products and agree to accept some liability (currently every software package you buy disclaims liability for anything, even problems they know about). This is a very free market approach. Akin to the carbon market which puts an actual price on pollution of a certain kind, liability and insurance put a price on insecurity.
Thursday, November 21, 2002
Why do we have such bad security? In tonight's keynote, Bruce Schneier started by assuming that large companies have bad security (products or systems) because it makes business sense. It doesn't make sense to spend money on security until it becomes more expensive not to. There are few consequences for bad security. He suggests increasing liability, which has interesting implications for open source. If open source projects were immune to liability, that would be a killer advantage for open source code in some areas.
Subscribe to:
Post Comments (Atom)
Blog Archive
-
▼
2002
(182)
-
▼
November
(11)
- Why the end of feminism is bad news for men (link ...
- Why do we have such bad security? In tonight's ke...
- More security notes from the IETF. A couple respon...
- Den Beste lambastes a researcher for publishing a ...
- Here's a graph from the Fraser Institute on how ba...
- "Canada has the best healthcare system on earth – ...
- Dave Barry published a mildly funny rant on Modern...
- Emotionally I prefer national health care, but int...
- It's not often I see or hear something that makes ...
- I'm now co-chair of a new IETF working group calle...
- This morning on the jitney in San Francisco, two o...
-
▼
November
(11)
No comments:
Post a Comment