User:Cmbenner

From CSEP590TU

Some things I’d like to hear other opinions on: whether these are fledgling project ideas—or could inspire such—or just non-lecture-specific musings, I’m not sure...


1. Provision of cybersecurity as a sort of market failure: how to create consumer demand? To properly give credit, Steve Maurer inspired me to think about this in an email exchange: if consumers can’t judge security for themselves, companies don’t have an incentive to provide it.

So many difficulties here: isn’t it difficult to judge how secure a piece of software is, even for computer scientists? And security depends not only on the software, but on its users as well -- how can you possibly measure that?

How to fix it? Independent labs like the Underwriters Labs, if they can come up with ways to measure security, may be a good idea, if you can get consumers to value their judgment and act upon it with their dollars. Certify programmers, make their employment contingent on secure code? Make software companies culpable? A couple of billion-dollar lawsuits for security breaches might do the trick -- of course this could easily slow innovation to a crawl, if not stifle it entirely, if software companies were too scared of being sued for everything.

Another related issue: If Linux had absolutely the same number of vulnerabilities as Windows, which would be more secure? Probably Linux, for the reason that the bad guys get more for spending their time attacking Windows. "Security by obscurity" is not a valid security measure in and of itself, but it doesn't hurt. This seems to be an interesting angle since most of technology works the other way -- the more ubiquitous the technology, the “better” it is (it's much easier to share Word docs than WordPerfect ones).


2. Encouraging innovation: what does the open source model offer? Jumping off from the lectures on how to encourage innovation: It seems it’s often assumed that open source methods of collaborating, whether in software development or other areas, foster innovation. But, as The Economist argued a few months back, it’s unclear that open source methods can actually encourage genuine innovation: the article noted that the open source movement in software development hasn’t created anything new but rather equivalents of proprietary software (databases, operating systems…).

I suppose the answer to this question depends on how you define “innovation.”

And related: how might wikis contribute to the innovation process?