
RSA Conference Europe 2005 - To regulate or not to regulate – Panel discussion

The general agreement was that things will get much worse than they are today before they get any better. How the situation will improve is much disputed. One side argues that government should intervene and hold software vendors liable for damages incurred due to faulty software. The other side points to examples like the US Sarbanes-Oxley Act of 2002 (SOX), where a few who misbehave draw a massive legislative backlash that has uncertain (and sometimes even unwanted) consequences. One example mentioned was that parts of the widely agreed SOX-compliance implementation steps (whistleblower procedures) interfere with data protection laws in other countries (like France). Another was cases where the pressure of the public leads to laws that do not solve the problem, like the CAN-SPAM Act. Industry representatives fear legislation as a restriction on innovation.

Generally, the technology to make IT more secure is available, but there seems to be a market failure in allocating the costs to the entities that can actually change something. Today, security costs (costs for additional software, hardware, time to patch, control, clean up and/or re-install systems) are carried by the users of computers, be they individuals or corporations, instead of by the providers of faulty software or services.

