Talk:Cybersecurity

From CSEP590TU

Improving software security: interdisciplinary analysis

Caroline Benner: I have been looking but haven't found anything that analyzes the problems with and opportunities for creating more secure software by drawing on the perspectives of law, computer science/software engineering, business and perhaps other disciplines at the same time.

To apply Professor Maurer's suggested formula for papers for the course to this idea: you start with the non-trivial observation about computer science that is likely unknown to most non-technical people: here, that writing secure code--as well as measuring the secureness of code--is, so far as I understand, a difficult problem for computer scientists. You could consider the technical challenges and opportunities here (outlined below). From there you connect the point to social goals (i.e., more secure software is desirable for society) and work out the policy/legal options (to paraphrase Steve) and in this case, business options for improving software security too.

There's a lot here--some early quick thoughts...

Technical issues: are there generalizable ways to measure security? Ones that could translate into a system that consumers can use to decide what software to buy (assuming they have choice)? Do better software engineering practices (code review, documentation) make software more secure? Do improvements in the tools and techniques software engineers use make software more secure? Can these questions be answered?

Legal issues: vendor liability. What are the costs and benefits of making software vendors liable for insecure software vs. the status quo? Are there other equally effective ways of making software more secure? Would imposing liability chill innovation?

Business issues: consumers don't demand security over features, companies don't provide security then: how can this change? Marketing: Is it up to marketing departments to convince consumers they need security?

Possible angles: open source vs proprietary--effects of imposing vendor liability on each community, technical analyses of which process produces more secure code...


If anyone is interested in exploring more about this topic, we have formed a group to deal with the issue of security in OS vs. IP: Student_Projects:Most_Secure_Platform

Tolba 17:26, 24 Oct 2004 (PDT)