[IP] Deworming the Internet -- addressing market failure in computer security

To: Ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] Deworming the Internet -- addressing market failure in computer security
From: David Farber <dave@xxxxxxxxxx>
Date: Sun, 21 Nov 2004 11:25:34 -0500
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx



Begin forwarded message:

From: Douglas Barnes <salguod@xxxxxxxxxxxxxxx>
Date: November 20, 2004 10:48:55 AM EST
To: dave@xxxxxxxxxx

Subject: Deworming the Internet -- addressing market failure incomputer security



Dave--

I thought IP folks might be interested in a paper I've written which isjustnow available on SSRN. In part it's a response to the periodic callsfor

"liability" (notably from Bruce Schneier) as a mechanism for solving

computer problems. The upshot is that I think Bruce is right thatthere isa need for a regulatory response, but that extending, say, tortliability to

software would be a disaster.  In addition to my more complicated law &
economics argument for why this is, I point out in passing that ordinary

tort liability could crush open source software, which has thepotential to

act as a positive force in addressing the underlying market failure.

Links and abstract below.  Comments welcome.

Cheers,

Douglas Barnes

===========

http://papers.ssrn.com/sol3/Delivery.cfm/SSRN_ID622364_code402123.pdf?abstra

ctid=622364&mirid=1 or http://papers.ssrn.com/abstract=622364

Abstract:

Both law enforcement and markets for software standards have failed tosolve

the problem of software that is vulnerable to infection by

network-transmitted worms. Consequently, regulatory attention shouldturn tothe publishers of worm-vulnerable software. Although ordinary tortliability

for software publishers may seem attractive, it would interact in
unpredictable ways with the winner-take-all nature of competition among
publishers of mass-market, internet-connected software. More tailored

solutions are called for, including mandatory "bug bounties" for thosewhofind potential vulnerabilities in software, minimum quality standardsforsoftware, and, once the underlying market failure is remedied,liability for

end users who persist in using worm-vulnerable software.


-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] Ron Plesser, a leading cyberlawyer in DC, passed away Thursday
Next by Date: [IP] Ron Plesser
Previous by thread: [IP] Ron Plesser, a leading cyberlawyer in DC, passed away Thursday
Next by thread: [IP] Ron Plesser
Index(es):
- Date
- Thread