Bruce Schneier had a post yesterday about a report discussing economics and security. I skimmed the first couple of pages and they have some very interesting recommendations about laws and regulations that would tweak the incentives of ISPs and other technology vendors in order to increase the security of the Internet. The whole document is 114 pages long but the intro was interesting enough for me to print it out to read over the weekend.
I have always thought it was important to remember that good security involves risk management rather than risk elimination. It is interesting to see the issue addressed from another angle where changing the incentives of technology providers can be used to also improve the security landscape.
–Dan
dan _at_ denimgroup.com
