Slashdot Mirror


Increased Software Vulnerability, Gov't Regulation

PogieMT writes "An article in the New York Times (registration required) suggests that the rash of security flaws, viruses and worms is leading a push towards greater regulation by the government, which, according to the piece, has largely relied on the efforts of individual companies."

5 of 291 comments

  1. Regulation is not the answer by sql*kitten · · Score: 5, Insightful

    Regulation is not the answer - professionalism is. The government has oversight over the construction industry for example, but engineers are accredited and the profession is run day-to-day by the professional institution, in the UK this is the Institute of Civil Engineers. Same in medicine, the government oversees, but day to day regulation rests with the BMA, the British Medical Association, and doctors answer to them. Same with lawyers, accountants, investment bankers... even lifeguards and hairdressers have professional bodies.

    Software development needs to become more like engineering, and software developers should be required to take a qualification like CEng (UK) or PEng (US) in order to work in positions of authority and responsibility. Remember that engineering is about public safety - bridges don't often collapse, buildings don't often topple, and that's all because the people designing them have been certified by independent bodies. Programmers of safety-critical systems are already often required to be certified by the relevant body, usually that of the electrical engineers.

    1. Re:Regulation is not the answer by sql*kitten · · Score: 4, Insightful

      If a software program is poorly designed, it crashes, Joe User restarts his machine and goes on with his life. He doesn't even bother to investigate what caused the crash because it happens so often.

      But it is possible to write reliable software. Aircraft, for example, run on extremely reliable software. The way it works in civil engineering is, if you can't get a CEng to sign off on the plans, you can't go ahead with the project. A CEng won't sign unless he's sure, because if it fails, he's responsible and he'll likely never work again. The fact that he's an employee is neither here nor there, he answers to the ICE, not the company. A similar approach could be taken with software - make the senior programmer on a team personally responsible, and give them the authority - independent of the company employing them - to say yes or no.

  2. Re:Hmmm by rknop · · Score: 5, Insightful

    Call me cynical, but I don't think the US government are getting into this for the sake of safeguarding my PC from viruses...

    It's cynical, but it's also not an unreasonable fear based on anybody who's been rationally observing the behavior of our government recently.

    I fully expect that we'll see increased security resolutions which are ostensively tough on companies like Microsoft, but those companies will embrace them (while all the while getting good PR about "doing the right thing and making the right sacrifices") because ultimately they will only be minor inconveniences... while the regulations that show up will all but prohibit free software (at least for commercial purposes, and possibly for anybody who wants to connect to the Internet), meaning that in the long run Microsoft benefits hugely from those "minor inconveniences".

    Meanwhile, the regulations-- like a lot of what we've seen with airport security-- won't increase actual computer security one whit, but anybody who complains about them will be chastised by John Ashcroft as a whiner who won't let the government do what it needs to safeguard our homeland.

    Yeah, I'm cynical too.

    -Rob

  3. trusted computing anyone? by Alien Being · · Score: 5, Insightful

    Gates is probably telling Bush "see, this is why we need trusted computing." Bush will declare that either you are with him, or you are with the terrorists.

  4. Now watch as... by Kyouryuu · · Score: 4, Insightful

    Now watch as Bill Gates and his cronies push for Trusted Computing, the Palladium project. After all, it's never Microsoft's fault that the bugs exist, right? It's always those darned users and by George we need to foolproof the system. Please. Trusted computing is a joke. It is a power play by top industry corporations to seize power and act as yet another cohesive monopoly in a so-called free market. Just like the RIAA. Just like the MPAA.

    Here's a thought. Hold the software companies responsible for their own goofups and bugs. Let the people sue. Let the people file their class action lawsuits against Microsoft for their errors. But don't let the government take control.

    I don't want the ignorant US government, or any government for that matter, looking over the Internet and infringing on it any more than they already are. Half of those farts probably don't even know what the Internet is. I can't say I'd want these clueless individuals, easily motivated by legal bribery (lobbies) and big business (Palladium), to be involved. They will only serve to screw things up, pass ridiculous laws, and tax Internet commerce to death. Let the Internet be that one place government is unable to corrupt.

    The problem is that the people who aren't on the Internet, the people who take passive interest in computers, are ignorant of these facts. That's why I feel, unfortunately, that things like Palladium are destined to pass. Microsoft and others are going to get these bills through the door while the politicians are still ignorant of computers.

    I'd like to say we can stop them, but we don't have a $47 billion lobbyist group behind us.