Hi Dr. McGraw, > Cyber Intelligence Sharing and Protection Act (CISPA) passed by > there House in April) has very little to say about building security in. I'm convinced (in the US) that users/consumers need a comprehensive set of software liability laws. Consider the number of mobile devices that are vulnerable because OEMs stopped providing (or never provided) patches for vulnerabilities. The equation [risk analysis] needs to be unbalanced just a bit to get manufacturers to act (do nothing is cost effective at the moment).
Jeff On Wed, Aug 1, 2012 at 10:28 AM, Gary McGraw <g...@cigital.com> wrote: > hi sc-l, > > This month's [in]security article takes on Cyber Law as its topic. The US > Congress has been debating a cyber security bill this session and is close to > passing something. Sadly, the Cybersecurity and Internet Freedom Act > currently being considered in the Senate (as an answer to the problematic > Cyber Intelligence Sharing and Protection Act (CISPA) passed by there House > in April) has very little to say about building security in. > > Though cyber law has always lagged technical reality by several years, > ignoring the notion of building security in is a fundamental flaw. > > http://searchsecurity.techtarget.com/opinion/Congress-should-encourage-bug-fixes-reward-secure-systems > > Please read this month's article and pass it on far and wide. Send a copy to > your representatives in all branches of government. It is high time for the > government to tune in to cyber security properly. > _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________