Hacker News new | ask | show | jobs
by ScottBurson 4900 days ago
Do you really think that any legal change would reduce the need for security auditing of apps? I'm afraid that seems awfully unlikely to me. Even if US-based attackers would be deterred, there are plenty of places in the world the Internet reaches but US jurisdiction doesn't.
1 comments
tptacek 4900 days ago
I think the effort put into securing computers is an inevitable dead-weight loss. Laws against pollution don't make everyone stop polluting; some polluters will just find creative ways to conceal what they're doing. Definitely doesn't mean I think pollution should be legal.
link
dlitz 4899 days ago
Computer security, at least while attached to the Internet, doesn't work that way. When all it takes is one attacker anywhere in the world to write a worm that compromises everyone, everyone needs to secure their systems.

Some problems really are best solved using technical means. If we stop building systems that can be exploited by arbitrary outsiders (yes, this is possible, and probably not that expensive in the long run if we standardize a few good protocols), then we can should be able to reach a point where a certain baseline of security can just be taken for granted.

link
tptacek 4899 days ago
The idea that abusing people's computers to disable their businesses or gain access to confidential information should be legal because "that problem is best solved using technical means" is so hostile to my perspective that there's probably little chance of us learning anything from each other by debating it.
link
ScottBurson 4899 days ago
For the record, that was not my thrust. (Can't speak for dlitz.)

I was just surprised at your suggestion that better laws would reduce your workload at Matasano.

link
dlitz 4893 days ago
You spoke for me well enough. If you reduce the number of computer criminals by 90%, it won't perceptibly change the amount of work that anyone has to put into writing secure programs, because the 10% of remaining criminals will still exploit everyone's vulnerabilities. If those laws impose friction on the rest of us (e.g. laws mandating wiretapping and/or filtering capability), then we all suffer huge aggregate costs for basically no gain.
link