Software, vendors and reputation: An analysis of the dilemma in creating secure software

Craig Wright

Research output: Book chapter/Published conference paperConference paperpeer-review

1 Citation (Scopus)

Abstract

Market models for software vulnerabilities have been disparaged in the past citing how these do little to lower the risk of insecure software. This leads to the common call for yet more legislation against vendors and other producers in order to lower the risk of insecure software. We argue that the call for nationalized intervention does not decrease risk, but rather the user of software has an economic choice in selecting features over security. In this paper, we investigate the economic impact of various decisions as a means of determining the optimal distribution of costs and liability when applied to information security and in particular when assigning costs in software engineering. The users of a software product act rationally when weighing software risks and costs. The choice of delivering features and averting risk is not an option demanded by the end user. After all, it is of little value to increase the cost per unit of software if this means that users purchase the alternative product with more features. We argue that the market models proposed are flawed and not the concept of a market itself.
Original languageEnglish
Title of host publication2nd International Conference on Trusted Systems, INTRUST 2010
Place of PublicationNew York
PublisherSpringer-Verlag London Ltd.
Pages346-360
Number of pages15
ISBN (Electronic)9783642252822
Publication statusPublished - 2011
Event2nd International Conference on Trusted Systems, INTRUST 2010 - Beijing, China
Duration: 13 Dec 201015 Dec 2010

Conference

Conference2nd International Conference on Trusted Systems, INTRUST 2010
CountryChina
Period13/12/1015/12/10

Fingerprint Dive into the research topics of 'Software, vendors and reputation: An analysis of the dilemma in creating secure software'. Together they form a unique fingerprint.

Cite this