Economics and Security

March 14, 2008
Dan Cornell
Economics_report

Bruce Schneier had a post yesterday about a report discussing economics and security.  I skimmed the first couple of pages and they have some very interesting recommendations about laws and regulations that would tweak the incentives of ISPs and other technology vendors in order to increase the security of the Internet.  The whole document is 114 pages long but the intro was interesting enough for me to print it out to read over the weekend.

I have always thought it was important to remember that good security involves risk management rather than risk elimination.  It is interesting to see the issue addressed from another angle where changing the incentives of technology providers can be used to also improve the security landscape.

–Dan
dan _at_ denimgroup.com

About Dan Cornell

A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As the Chief Technology Officer and a Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process. He is also the original creator of ThreadFix, Denim Group's industry leading application vulnerability management platform.
More Posts by Dan Cornell

Categories: Information Security Security Programs Web Application Security

Leave a Reply

Your email address will not be published. Required fields are marked *