Jane Chong

The Security Burden Shouldn't Rest Solely on the Software User
October 31, 2013

The below is the final installment in a five-part series. Part 1 explored the problems stemming from our collective unwillingness to hold software providers accountable for vulnerability-ridden code. Part 2 argued that the technical challenges associ

We Need Strict Laws If We Want More Secure Software
October 30, 2013

This is the fourth installment in a series on whether and how to hold software makers financially liable for the insecurity of their products. Part I offered an overview of the problem of insecure code. Part II countered the notion that the technical

What You Don't Know About Internet Security Will Definitely Hurt You
October 22, 2013

This is the third installment in a series on whether and how to hold software makers financially liable for the insecurity of their products. Part I offered an overview of the problem of insecure code; Part II countered the notion that the technical

The Government Thinks It's Legal to Access Your Emails. This Theory Explains Why.
October 16, 2013

Ladar Levison, owner of the now-defunct encrypted email site Lavabit, made headlines back in August when he shut the service down to avoid “becom[ing] complicit in crimes against the American people.” But the Lavabit saga is far from over.

Why Is Our Cybersecurity So Insecure?
October 11, 2013

It’s true: perfectly secure software is a pipedream. Experts agree that we cannot make software of “nontrivial size and complexity” free of vulnerabilities. Moreover, consumers want feature-rich, powerful software and they want it quickly; and this tends to produce huge, bulky, poorly-written software, released early and without adequate care for security.

Bad Code: Should Software Makers Pay? (Part 1)
October 03, 2013

The joke goes that only two industries refer to their customers as “users.” But here's the real punch line: Drug users and software users are about equally likely to recover damages for whatever harms those wares cause them.