[SC-L] Could mandates on disclosing software effects benefit

bugtraq at cgisecurity.net bugtraq at cgisecurity.net
Thu Feb 1 01:10:13 EST 2007


> Question is: would it make sense to lobby for disclosure requirements of all 
> writes software does, to whatever, and reasons for them, as conditions to make 
> it fit for sale? Perhaps likewise to be a (or the?) defense against claims the 
> software is doing things to others' machines without authorization?
> 
> Certainly such lists would require more of everyone installing software, at 
> least in principle (I imagine permission interpreters would alleviate most 
> work), but they would also make it possible for the first time to give trust in 
> an informed way.
> 

People see Microsoft in the news all the time for having vulnerabilities and it isn't stopping
them from making money. Regarding websites, myspace and other large online companies have also
been bitten and aren't being negatively affected.

I think creation of federal guidelines requiring security in the development cycle would be a much more
practical way to force people to implement appropriate baseline security measures. To some extent
policies such as SOX are starting this process regarding certain types of data or environments. 

In the majority of cases, without the threat of preventing business, you're not going to get people to do anything unless they 
absolutely need to. 

Regards, 

- Robert
http://www.cgisecurity.com/
http://www.webappsec.org/
http://www.qasec.com/