Tristam29 • January 19, 2008 11:50 AM
In the interview you say that regulation sells more security products and services, but you imply this is because fear and greed don’t work as motivators for security. This seems like a non sequitur since complying with the law is a fear-based rationalization: the fear of prosecution or even the fear of an expensive lawsuit is the underlying motivation.
I agree with you that regulation sells more security products and services, but I think it has more to do with the fact that regulation ends up creating a (perhaps ad hoc) set of metrics that can be used to somewhat objectively measure the end result in a language that business people understand: the law.
Sedgequill • January 19, 2008 7:29 PM
Will liability ever settle upon operating systems with security failings that result in actual damages, I wonder, or will the conditions of customer agreements always preclude that possibility?
Daew • January 21, 2008 10:10 AM
An interesting reading, Bruce, as ever.
Subscribe to comments on this entry
Sidebar photo of Bruce Schneier by Joe MacInnis.
Leave a comment