Sue over shoddy software? Experts say not so fast

By George V. Hulme, CSO |  Security, Apple, David Rice

With reports swirling that Apple has hired security author David Rice as director of global security, the ideas Rice has put forth in the past to help improve software quality have moved back into public debate.

Rice's book, "Geekonomics," attempts to tackle the nebulous and contentious topic of software quality and the cost insecure code levies on us all. In his career, Rice has also worked as a global network vulnerability analyst for the NSA as well as a cryptologic officer in the United States Navy.

Also see "Geekonomics excerpt: The Perversity of Patching"

In this recent OWASP (Open Web Application Security Project) talk, Rice likens the battle for the hearts and minds of the public to demand secure code to that of the battle against pollution as a side-effect of industrialization. Once upon a time, pollution was accepted as a given as part of an industrialized society. Eventually, some started to demand pollution be brought under control, and eventually forward-thinking companies saw being environmentally friendly as smart business.

Rice hopes to see the same evolution in thought when it comes to software security: that eventually, software vendors would recognize that developing secure, sustainable software is smart business. However, Rice acknowledges, that's not likely until the marketplace has better information about the quality of the software it consumes. That is: consumers (whether they be individuals or businesses) need to be able to evaluate the inherent security of an application.

For instance, the notion of some type of 5-Star Safety Rating for software could help software buyers understand the security of an application through some type of third-party evaluation and testing. "The idea is to give consumers the information they need to make better decisions. This would improve the efficiency of the market for software," says Josh Corman, research director at the 451 Group's enterprise security practice. "People today, generally, have no idea how to judge the quality of software as it relates to security. Such information would provide the clarity a market needs to function," he says.

Also see: "'Unbreakable' was a stretch, 'Rugged' more attainable"


Originally published on CSO.