[LINK] What's a reasonable level of code-checking?

[Rick Welykochy]

--- Craig Sanders <cas at taz.net.au> wrote:

> computer security is a shared responsibility between the developers,
> the distributors, AND the users. finding the correct balance of rights
> vs responsibilities may be difficult but legislating so that the entire
> responsibility is on the shoulders of the developers is just plain
> broken.

I can envision bullet-proof systems that simple "just work" out
of the box. Let's say a purpose-built network box for connecting
consumers to the big wide info-autobahn seamlessly and with total
security. The box has a well-defined set of functional and security
requirements. It can be tested against those requirements. We do
have the nouse to make such a box today.

In that case, I do not see the consumer having *any* responsibility
in securing the box. The consumer's responsibility is not to act
stupidly and give away their money / ID / whatever using that box.
But the law cannot and should not protect idiots from their own
stupidity. It is in the consumer's own interest not to use the
box to their own disadvantage.

The way things are going now, especially in consumer land, is really
pathetic. People I talk to on a daily basis do not use their
Windows box for Internet banking. They are too scared to. They know
their bank accounts can be emptied out in seconds if they are not
careful. Interestingly, when I ask about fears of ID theft, I usually
get a blank stare. Why? Because that particular avenue of endeavour
is newer on the 'net. It will only be a matter of time before Joe Sixpack
will be fearful of ID fraud in addition to losing his bank account contents.
Add to that newer emerging crimes and soon Joe Sixpack will not want to
use the Internet at all with his Windows box.

Perhaps this will be a Good Thing (TM).

cheers
rickw


Send instant messages to your online friends http://au.messenger.yahoo.com