The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.02 - March/April (2010 vol.8)
pp: 79-82
J. Alex Halderman , University of Michigan
ABSTRACT
Many common software vulnerabilities are avoidable if software makers apply appropriate care, yet developers' incentives often lead them to underinvest in security. Profit-maximizing developers invest to the extent that strengthening security increases sales or reduces their liability, yet these incentives are undermined by the software market's structure. By understanding and reshaping such incentives, we can greatly improve security at comparably low cost. The author argues for requiring increased transparency about security problems and development practices, which will help software buyers make better-informed purchases, and for holding developers liable for the costs of security failures caused by their products.
INDEX TERMS
security economics, developers' incentives, transparency, liability, security and privacy
CITATION
J. Alex Halderman, "To Strengthen Security, Change Developers' Incentives", IEEE Security & Privacy, vol.8, no. 2, pp. 79-82, March/April 2010, doi:10.1109/MSP.2010.85
REFERENCES
1. M. Howard and S. Lipner, "Inside the Windows Security Push," IEEE Security & Privacy, vol. 1, no. 1, 2003, pp. 57–61.
2. G.A. Akerlof, "The Market for 'Lemons': Quality Uncertainty and the Market Mechanism," Quarterly J. Economics, vol. 84, no. 3, 1970, pp. 488–500.
3. R. Anderson, "Why Information Security is Hard—An Economic Perspective," Proc. 17th Ann. Computer Security Applications Conf., 2001, pp. 358–365.
4. B. Schneier, "How Security Companies Sucker Us with Lemons," Wired,19 Apr. 2007; www.wired.com/politics/security/commentary/ securitymatters/2007/04securitymatters_0419 .
5. M.D. Scott, "Tort Liability for Vendors of Insecure Software: Has the Time Finally Come?" Maryland Law Rev., vol. 62, no. 2, 2008, pp. 425–484.
445 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool