IEEE to Standardize OS Security Components
aster_ken writes "The Institute of Electrical and Electronics Engineers has started work on a standard for securing operating systems, as a recognition that software security is 'limited by the operating systems that underpin them', the organization said yesterday. The standard, dubbed IEEE P2200, will address external threats and intrinsic flaws arising from software design and engineering practices."
That's just great, codify the security aspects of OSes into a $100 document that can't be freely redistributed. That's a really good idea...
So, did anyone else read the linked article and think "Looks like someone bought the IEEE's support of TCPA / Palladium"?
I hope not, but it certainly sounds that way. Basically, it makes the point that we cannot trust people not to run programs that break their own (or others') computers, so the task of limiting what (possibly malicious) code can run falls to the OS.
Sad. If I didn't have complete confidence that any DRM scheme will eventually prove itself flawed, I might actually worry. Though, I certainly do not look forward to the general inconvenience it would cause, regardless...
Only education (and not running Outlook) will help reduce the modern plague of worms, virii, spam, and other ways to generally make a computer and the internet grind to a crawl. Not legislation, and not crippled hardware. People simply need to learn how to secure their own damn machines.
The problem with this particular document being a "pay to play" licensing scheme is that it will likely be adopted into law in some way, either as a supplier specification or as a compliance requirement for marketing a product or service.
There are several jurisdictions in the United States where their building codes are released in this way and are protected under copyright requiring a builder or homeowner to pay a large amount to have a copy of the current codes for reference and to pay an additional amount to include excerpts from the code in zoning and building permit applications. The fact that all persons (in that jurisdiction) are subject to compliance with these codes makes the licensing scheme an unfair limitation on builders giving an unfair advantage to larger construction companies and prevents homeowners being able to make even small improvements to their properties if they are on a limited budget.
I have seen building projects where the cost of preparing the permits was extensively more than the cost of actual construction due to licensing costs for access to the building codes and the necessity of including excerpts from the building code in the application. The one that springs to mind is a $1,500.00 improvement to a fire escape (required by code) that cost in excess of $2,000.00 to prepare the permits. If there had been no licensing fee for code excerpts, and if a reference copy of the code had been possible to obtain for less than $750.00, it would have cost less than $500.00 to prepare the permit, as it would have been possible to prepare the application in house and would not have required a legal review of the application before submittal.
The only purpose that charging for the use of a specification serves is to limit the playing field in the affected industry to a certain class of individuals who either already have money with which to pay, or have made commitments to persons who might or might not be knowledgeable about the involved technology, but have the economic power and the desire to regulate that industry.
This kind of non-governmental regulation puts an artificial limitation on the mechanisms of capitalism and prevents the very kind of "free market" (that you seem to be arguing for) from developing and prevents participation from legitimate businesses and other projects that have the necessary skills, knowledge, and abilities, but are lacking in support from the already established players in that market.