I recently read an article by Bruce Schneier, saying we need companies to be more responsible, legally, for security in order for security to improve.
So I got to thinking about how to do this, and here is my idea for a doubly sharp sword:
Make financial companies the most responsible, but give them an out: if they can catch the perpetrators of an attack against them, they won't be held (as) personally accountable for the security breach.
This would do three things: companies would have to write rather secure applications in order to even get into the market. They would have to measure their security in terms of guarantees of safety or results (about the only measurement possible). It would also become very scary to be a successful criminal. Bounty hunters, apparently, can be very scary.
Saturday, December 15, 2007