Interview with Eugene Spafford

scubacuda writes "Dr. Eugene 'Spaf' Spafford, security expert and professor of Computer Science at Purdue University, talks with Greplaw about what drove him to the computer security field, what it's like to testify before the White House and Congressional committees on information security and public policy, and how legislating technology is 'bad law.' For you budding legal geeks interested in forensics, technology, law, and ethics, Spaf has provided a reading list."

Should there need to be a security field in IT?

Most exploits are caused by M$ due to their overwhelming greed. Would we need security in IT if M$ could get their act together?

What they need to do is get RMS on board to give them some clue about how to go about distributing software in a way that will reduce the number of errors. After all, FOSS has a far faster turnaround time for fixing reported bugs.

Also, if they stopped outsourcing, then the quality of the final product should improve. Take Linux on the desktop. A fine SECURE product, produced with no outsourcing at all!

So logically, if all software was FOSS, then we would not need IT Security consultants.