Saturday, April 06, 2013
Moral responsibility for software security should rest with vendors
On Friday, April 5, Marc Maiffret offered an essay in the New York Times, p. A23, “Closing the door on hackers”.
Maiffret says that the main problem is that software vendors don’t try hard enough to make their products secure. Instead, the government and authorities are constantly warning users and employees that it is their responsibility not to get infected or duped by swindles. In a few cases, users have been held criminally liable for malware (or perhaps child pornography) which winds up on their machines, or associates have been fired. The "moral" justification for this viewpoint has to do with asymmetry.
Microsoft (“Microslop” – remember the days of Windows Me?) has reformed its priorities, but too many other companies have too much incentive to offer more gadgetry that invites security problems. The article is particularly critical of Adobe (for PDF and Flash vulnerabilities, from overloading) and Oracle (for Java, whose holes are so serious that attackers can sometimes take over home machines using it).