Comments

Tristam29January 19, 2008 11:50 AM

In the interview you say that regulation sells more security products and services, but you imply this is because fear and greed don't work as motivators for security. This seems like a non sequitur since complying with the law is a fear-based rationalization: the fear of prosecution or even the fear of an expensive lawsuit is the underlying motivation.

I agree with you that regulation sells more security products and services, but I think it has more to do with the fact that regulation ends up creating a (perhaps ad hoc) set of metrics that can be used to somewhat objectively measure the end result in a language that business people understand: the law.

SedgequillJanuary 19, 2008 7:29 PM

Will liability ever settle upon operating systems with security failings that result in actual damages, I wonder, or will the conditions of customer agreements always preclude that possibility?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..