40 Years In The Desert: Many Security Exploits Financial, Not Technical Issue

11 March 2008

Many Security Exploits Financial, Not Technical Issue

El Reg writes about an academic article that calls for making vendors liable for security exploits.

This is a good idea:

In the real world investment in risk avoidance may not be profitable. Security failures often arise due to perverse incentives rather than the lack of suitable technology. For example, credit card firms can rely on business models that push the cost of fraud onto merchants and consumers rather than investing in reducing the problem themselves. That's because such investments would place them at a commercial disadvantage to their competitors.

Establishing economic incentives for IT suppliers to produce more secure products is arguably an even greater problem because software publishers are not held liable for the shortcomings of their products. These shortcomings may damage consumer faith in ecommerce but fail to effect sales, so a market-based solution in absence of regulatory pressure is difficult to imagine.

Microsoft would be bankrupt in 6 months.

0 comments :

Post a Comment

About/Contact

Matthew Saroff, Mechanical Engineer, Owings Mills, Maryland, US

I reserve the right to reprint any email correspondence on my blog.

If you want to keep your correspondence private, please tell me.

A member of the Democratic wing of the Democratic party, and a fan of Bernie who thinks Neoliberal (DLC/New Dem) trickle down conomics sucks.

Mechanical Engineer with a background in defense, electronics packaging, medical & food equipment, transportation, and manufacturing.

In my spare time (Hah!), I am the developer of the Firefox addon, bbCode for Web Extensions (bbCodeWebEx).

I have two cats, a black cat, and a gray and white long hair cat, who keep me on my toes. (Because he keeps attacking my feet)

I am a Jew and a Zionist, who is married to a woman with exquisitely bad taste in men, and I have two remarkable children with her.

What is 40 Years in the Desert?

This blog is a place to put my stream of consciousness thoughts about life, politics, technology, and cats.

It's a posting ground for my more-or-less annual personal newsletter, 40 Years in the Desert.(PDF's available at link)

I find that if I wait until year's end I miss stuff from earlier in the year.

40 Years is put out the old fashioned way, it's printed out on ledger sized paper with 4 pages and mailed to people, total circulation of about 100.

I'm just not the holiday card kind of guy. A warning, if you comment here, I may use it in my paper publication.

You will get credit, and if I can get your postal adress, you will get at least the issue where you are quoted (probably a lot more, I rarely trim my list).

If someone actually wants to pay for an issue...I don't know, I guess a buck, but you can get the PDF's free.

I intend to post at least a couple of times a week,

40 Years In The Desert

Google Search

Recent Comments

Tags

11 March 2008

Many Security Exploits Financial, Not Technical Issue

0 comments :

Post a Comment

Feeds

Get daily digest by email:

Matthew's Saroff's Beer (and Laptop) Fund and Tip Jar

About/Contact

Blog Archive

Blogroll

Other Links

Firefox Extensions

Other Indispensable Software

What is 40 Years in the Desert?

Privacy Policy

Commercial Disclosures