Issue No.02 - March/April (2010 vol.8)
J. Alex Halderman , University of Michigan
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2010.85
Many common software vulnerabilities are avoidable if software makers apply appropriate care, yet developers' incentives often lead them to underinvest in security. Profit-maximizing developers invest to the extent that strengthening security increases sales or reduces their liability, yet these incentives are undermined by the software market's structure. By understanding and reshaping such incentives, we can greatly improve security at comparably low cost. The author argues for requiring increased transparency about security problems and development practices, which will help software buyers make better-informed purchases, and for holding developers liable for the costs of security failures caused by their products.
security economics, developers' incentives, transparency, liability, security and privacy
J. Alex Halderman, "To Strengthen Security, Change Developers' Incentives", IEEE Security & Privacy, vol.8, no. 2, pp. 79-82, March/April 2010, doi:10.1109/MSP.2010.85