Introduction

From CSEP590TU
Revision as of 02:25, 1 December 2004 by Cmbenner (talk | contribs)

In this paper, we explain to policy-makers what forces could be brought into play to improve computer security. We begin by evaluating the problems we face in computer security, looking at past, present and future threats. From there we offer the policy-maker a range of possible solutions for improving security, from technical to policy to economic, so that the policy-maker is well briefed on the various ways security can be improved. Our first solution is a technical one: we survey promising areas of research in designing secure systems and assess the costs and benefits of these approaches. We then consider a policy solution, namely whether software engineering should be licensed as civil engineering is licensed. Finally, we conclude with a look at how we can design an independent lab to certify software. Such a lab would be useful because, if consumers could understand security through common, easily understood ratings of how secure the software they buy is, consumer demand for security would follow. This, in turn, would encourage companies to provide security.

We then begin our discussion of solutions with an overview of who should bear responsibility for improving computer security.