Talk:Cybersecurity

From CSEP590TU
Revision as of 15:38, 15 October 2004 by Cmbenner


Improving software security: interdisciplinary analysis

I have been looking but haven't found anything that analyzes the problems with and opportunities for creating more secure software by drawing on the perspectives of law, computer science/software engineering, business and perhaps other disciplines at the same time. Could be the sort of big-picture analysis a policy-maker needs, or pieces of this might be interesting to run with...

There's a lot here--some early quick thoughts...

Business issues: consumers don't demand security over features, so companies don't provide security: how can this change? Marketing: is it up to marketing departments to convince consumers they need security?

Technical issues: are there generalizable ways to measure security? Ones that could translate into a system that consumers can use to decide what software to buy (assuming they have choice)? Do better software engineering practices (code review, documentation) make software more secure? Do improvements in the tools and techniques software engineers use make software more secure? Can these questions be answered?

Legal issues: vendor liability. What are the costs and benefits of making software vendors liable for insecure software vs. the status quo? Are there other equally effective ways of making software more secure? Would imposing liability chill innovation?

Possible angles: open source vs. proprietary--effects of imposing vendor liability on each community, technical analyses of which process produces more secure code...

--Caroline Benner, UW, public policy, cmbenner@u.washington.edu