Regulating secure software development : analysing the potential regulatory solutions for the lack of security in software
Råman, Jari (2006)
Råman, Jari
Lapin yliopisto
2006
ISBN:952-484-053-7
openAccess
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:ula-20111131030
Abstract
The security of our informational infrastructure is still relatively poor. Huge investments have been made and even the regulators have taken information security seriously. The majority of current efforts, at both the operational and the regulatory level, however, address only symptoms of an underlying problem: the insecurity of software products, the salient components of most information and software systems.
Secure software development has gained momentum during the past couple of years and improvements have been made. By analysing the incentives for secure software development, it is argued in this study that without appropriate regulatory intervention the level of security will not improve to meet the needs of the network society as a whole. Besides information security in general, secure software development has to be raised as an important public policy if we wish to achieve a more secure network society and to maintain trust in information products and systems in commerce.
Efficacious regulatory measures are desperately needed to change the current practices. This study analyses two of the most attractive alternatives, software product liability and disclosure of vulnerability information, and makes suggestions for their improvement.
Collections
- Doctoral dissertations [352]