Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Politech mailing list archives

FC: Reply to Schneier: No need for more federal "cybersecurity" laws
From: Declan McCullagh <declan () well com>
Date: Wed, 16 Oct 2002 09:56:41 -0400
Previous Politech message:
http://www.politechbot.com/p-04081.html

---

Date: Tue, 15 Oct 2002 22:28:13 -0400
From: Roderick Sprattling <rls () wiseworks com>
To: declan () well com
Subject: Re: FC: Bruce Schneier: Feds need to pass new laws for "cybersecurity"

Declan,
I agree with Schneier when he says "make companies liable for insecurities, and you'll be surprised how quickly things get more secure." But don't pass laws making companies liable: Markets can be much stronger motivators than regulation, so turn up the liability heat in society by creating and promoting security's version of Consumer Reports.
Love it or hate it, you've got to admit Consumer Reports and similar product testing and review organizations do more than just teat, praise and pan products. They also identiy and teach people what attributes of a product class really matter, and what the acceptable range of those attributes' values should be. 

In time:
- People will learn the applicability of information security to their lives, and demand security from organizations. 
- Standards bodies will be more focused and careful.
- Organizations will first consider security in product and service design.
- Organizations will be more careful about product claims and information utilization. 
- Organizations will be more responsive to security breaches.
Social and economic liabilies are far more powerful, immediate and elegant forces of influence than criminal and civil liabilities. Organizations also can't write themselves out of the liability loop as they can when the law is involved, so governmental and non-commercial organizations are influenced as well. 

Rod Sprattling
rls () wiseworks com




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
Declan McCullagh's photographs are at http://www.mccullagh.org/
-------------------------------------------------------------------------
Like Politech? Make a donation here: http://www.politechbot.com/donate/
Recent CNET News.com articles: http://news.search.com/search?q=declan
-------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
  • FC: Reply to Schneier: No need for more federal "cybersecurity" laws Declan McCullagh (Oct 16)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]