Hi Jeff, I'm afraid I disagree. The hyperbolic way to state this is, imagine YOUR lawyer faced down by Microsoft's army of lawyers. You lose.
Software liability is not the way to go in my opinion. Instead, I would like to see the government develop incentives for good engineering. gem On 8/2/12 10:26 AM, "Jeffrey Walton" <noloa...@gmail.com> wrote: >Hi Dr. McGraw, > >> Cyber Intelligence Sharing and Protection Act (CISPA) passed by >> there House in April) has very little to say about building security in. >I'm convinced (in the US) that users/consumers need a comprehensive >set of software liability laws. Consider the number of mobile devices >that are vulnerable because OEMs stopped providing (or never provided) >patches for vulnerabilities. The equation [risk analysis] needs to be >unbalanced just a bit to get manufacturers to act (do nothing is cost >effective at the moment). > >Jeff > >On Wed, Aug 1, 2012 at 10:28 AM, Gary McGraw <g...@cigital.com> wrote: >> hi sc-l, >> >> This month's [in]security article takes on Cyber Law as its topic. The >>US Congress has been debating a cyber security bill this session and is >>close to passing something. Sadly, the Cybersecurity and Internet >>Freedom Act currently being considered in the Senate (as an answer to >>the problematic Cyber Intelligence Sharing and Protection Act (CISPA) >>passed by there House in April) has very little to say about building >>security in. >> >> Though cyber law has always lagged technical reality by several years, >>ignoring the notion of building security in is a fundamental flaw. >> >> >>http://searchsecurity.techtarget.com/opinion/Congress-should-encourage-bu >>g-fixes-reward-secure-systems >> >> Please read this month's article and pass it on far and wide. Send a >>copy to your representatives in all branches of government. It is high >>time for the government to tune in to cyber security properly. >> _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
