[discuss] Who is responsible for security
roland at internetpolicyagency.com
Thu Jan 16 20:34:23 UTC 2014
In message <52D82E2D.2080806 at gmail.com>, at 08:08:29 on Fri, 17 Jan
2014, Brian E Carpenter <brian.e.carpenter at gmail.com> writes
>>> When society started to look at it as a consumer protection issue,
>>> and not as a "Car governance" issue, we got the right answer.
>> 'Consumer protection' generally comes down to resolving financial
>> disputes with a supplier.
>> And the ways that governments make vehicles safer is precisely by
>> applying "Car Governance" - a set of complex rules about how the design
>> of a car has to meet various criteria.
>Which all started with "Unsafe at any speed".
That's particular to the USA.
>I'm not denying that
>IT security may need regulation - my point is that it has to start
>with the recognition that it's an issue for society and that's got
>to come from the consumer side, as it did with car safety.
In Europe the demand has come mainly from government, not the consumers,
who quite often resented the extra restrictions and expense that
'better' safety measures imposed upon them.
>Since most of the security exposures popularly blamed on the
>Internet are actually due to weaknesses in the end systems, it's
>especially important to remove most of this problem from the
The 'popular' weaknesses are more to do with a lack of built-in
authentication in the core. With apologies for introducing spam again,
Open Relays are a classic example.