LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

putting a price on lax security...

putting a price on lax security...

Posted Jul 19, 2007 12:34 UTC (Thu) by jabby (guest, #2648)
In reply to: Security research: buy low, sell high? by ortalo
Parent article: Security research: buy low, sell high?

Actually, I was just thinking that this is a good way to get development companies who undervalue security auditing to put a realistic value on it. When they see what it will cost to buy themselves out of trouble ("Buy exclusively!"), perhaps they will see the relative cost-effectiveness of dedicating resources to security in their development processes. If not, at least it forces them to pay for their lax approach to security.

Re: punishment... I don't believe in punishment. In the first part of the theory, people learn to avoid the negative consequence and adjust their behavior in the future. That part might have some bearing on reality, but it certainly hasn't solved the problems of society (think "recidivism", "repeat offenders"). The other part of the theory is that the knowledge of the punishment will cause people to avoid the behavior in the first place. This just hasn't been shown to work (think "partial reinforcement"). In general, I find that understanding the source/motive of the bad behavior and addressing it at that level is far more effective.

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds