[SC-L] The FTC and Software Security

[Gary McGraw]

hi sc-l,

I just posted some thoughts on the FTC and software security.

Have a look: http://bit.ly/gem-FTC

gem

___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___

Re: [SC-L] The FTC and Software Security

[Jeffrey Walton]

On Wed, Sep 16, 2015 at 2:58 PM, Gary McGraw  wrote:
> hi sc-l,
>
> I just posted some thoughts on the FTC and software security.
>
> Have a look: http://bit.ly/gem-FTC

+1, well written.

I've kinda ignored the FTC over the years, and focused on the state
laws covering data breaches and notifications (48 states and the
district have them,
http://www.ncsl.org/research/telecommunications-and-information-technology/security-breach-notification-laws.aspx).

But breach notification and FTC actions are reactive, and not proactive.

Consumers still need a stick. Too much carrot is making the mule's fat
:) Once consumers can take action, then the risks will become real and
companies will start moving towards the defensive security posture
Cigital can help provide.

jeff
___
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
___