Wednesday, December 01, 2004

Douglas Barnes: Deworming the Internet
Both law enforcement and markets for software standards have failed to solve the problem of software that is vulnerable to infection by network-transmitted worms. Consequently, regulatory attention should turn to the publishers of worm-vulnerable software. Although ordinary tort liability for software publishers may seem attractive, it would interact in unpredictable ways with the winner-take-all nature of competition among publishers of mass-market, internet-connected software. More tailored solutions are called for, including mandatory "bug bounties" for those who find potential vulnerabilities in software, minimum quality standards for software, and, once the underlying market failure is remedied, liability for end users who persist in using worm-vulnerable software.

harsh words, huh? it's a must-read, though. before you RAGE on this one, let's do the ol' reality check: a virgin windows box can get knocked up within four minutes of being connected to the internet for the first time. 80% of home pcs are currently knocked up.

see also: concerning 80% infection and security. equally worth reading... shapiro wants regulation, but he also observes that the current pandemic was enabled by ass-poor design decisions that could've been avoided. he should know--he's trying to rectify the mistakes, unlike most of the hippy community, which is content to perpetuate the fuckups of 70s computer science rather than using 70s computer science to fix them.

i'm reminded of a great interview with errol morris:
I posted a revision of Santayana’s famous quote on my web site... my emendation: “those who are unfamiliar with the past are condemned to repeat it without a sense of ironic futility.”

