The Security Burden Shouldn't Rest Solely on the Software User
October 31, 2013
The below is the final installment in a five-part series. Part 1 explored the problems stemming from our collective unwillingness to hold software providers accountable for vulnerability-ridden code. Part 2 argued that the technical challenges associ
We Need Strict Laws If We Want More Secure Software
October 30, 2013
This is the fourth installment in a series on whether and how to hold software makers financially liable for the insecurity of their products. Part I offered an overview of the problem of insecure code. Part II countered the notion that the technical
What You Don't Know About Internet Security Will Definitely Hurt You
October 22, 2013
This is the third installment in a series on whether and how to hold software makers financially liable for the insecurity of their products. Part I offered an overview of the problem of insecure code; Part II countered the notion that the technical
Ladar Levison, owner of the now-defunct encrypted email site Lavabit, made headlines back in August when he shut the service down to avoid “becom[ing] complicit in crimes against the American people.” But the Lavabit saga is far from over.
Why Is Our Cybersecurity So Insecure?
October 11, 2013
It’s true: perfectly secure software is a pipedream. Experts agree that we cannot make software of “nontrivial size and complexity” free of vulnerabilities. Moreover, consumers want feature-rich, powerful software and they want it quickly; and this tends to produce huge, bulky, poorly-written software, released early and without adequate care for security.
Bad Code: Should Software Makers Pay? (Part 1)
October 03, 2013
The joke goes that only two industries refer to their customers as “users.” But here's the real punch line: Drug users and software users are about equally likely to recover damages for whatever harms those wares cause them.