top | item 42965608

(no title)

How about some penalties for their creation? If NSA is discovering or buying, someone else is creating them (even if unintentionally).

Otherwise corporations will be incentivized (even more than they are now) to pay minimal lip service to security - why bother investing beyond a token amount, enough to make PR claims when security inevitably fails - if there is effectively no penalty and secure programming eats into profits? Just shove all risk onto the legal system and government for investigation and clean up.

discuss

No comments yet.