Sending Software Execs To Jail For Bad Security
from the that'll-wake-'em-up dept
It’s pretty easy to make suggestions like this when you’re sitting at a desk writing articles, and not writing code. Over at News.com, Charles Cooper is suggesting that the way to solve the cybersecurity issue is to put the fear of jail into software execs. Basically, he wants a Sarbanes-Oxley for cybersecurity that says that if a system is not secure, the executives of the company that makes the product can go to jail. While he is right that many security problems are due to sloppy programming, programming is not quite the same as accounting, and mistakes are going to slip through – not because of fraud (as in most accounting issues), but because it’s nearly impossible to find every potential security hole or imagine every possible attempted intrusion scenario. Such a law likely would improve security on a number of products, but it would also create a huge burden on software companies (and make many smart execs wary of becoming a software CEO). It might make sense to increase the liability of software companies that do a bad job, but there has to be a limit, or it will make it absolutely impossible for any new software company to ever get started.