Follow-up to Insecure Code Accountability

My last post discussed former Cybersecurity Chief Howard Schmidt's proposal to hold software developers accountable for insecure code. I stated that Mr. Schmidt exhibited a fundamental misunderstanding of how software development works. On Sunday, Bruce Schneier took a different approach by discussing the economics of software purchasing & development, and how these realities mean such an approach wouldn't work. An interesting read.

