Hacker News
by arice 4045 days ago
I don't make a habit of storing assets in banks that fail to insure me against a total loss of those assets. That insurance just happens to require extensive third-party verification of security practices that may be publicly audited upon request.

The analogy doesn't hold when applied to the digital services we all depend upon as such assurances are impossible.

2 comments

> The analogy doesn't hold when applied to the digital services we all depend upon as such assurances are impossible.

Rather than allowing anyone to try to crack a server as long as they claim to be a white hat, I'd much rather require corporations to go through a standard, "extensive third-party verification of security practices that may be publicly audited upon request" and default cracking attempts to "illegal."

I may be misunderstanding something in what you're saying, though -- if I am, could you clarify that for me?

I think the internet just about has them storing their vaults on the public sidewalks.