
I'm not saying it's right, but if we're all honest with one another, very few companies will make security a priority until information about insecurity reaches the public.
For companies where security doesn't drive sales, there's little incentive to be secure except to avoid public embarrassment after the fact. Whether we like it or not, going public is an effective way to motivate companies to enhance security *immediately*.
What is the solution for the lack of motivation otherwise?
More liability? I don't like the thought, but we can debate that.
Security regulation? I have doubts about the effectiveness of this.
A legal time frame after which security consultants are allowed to go public? I think this could work in a fair way, but it would never fly.
Let the public decide adequate security? Obviously this can only work if the public are aware of the relative security of competing companies, but it's hopeless if companies themselves don't even know where they stand, or they lie deliberately to customers.
What is the answer?
Apple's official policy was to deny the existence of malware they were finding on customers' computers when brought in for support.
- Do not acknowledge the existence of malware
- Do not fix the malware unless specifically asked to by the customer
It was not until public disclosure brought enough pressure from the consumer base that Apple publicly admitted knowledge of the problem and took steps to address it. The business PR image was more important than the customers' safety until customers' awareness threatened Apple's future product sales.
The shade of grey could very rapidly become a lot darker if you were considered an accessory to a crime, though.