Here are a couple more links stolen from Economist's view:
David Leonhardt: What else [i.e., aside from the war on Iraq] can you buy with $1.2 trillion? [via]: The human mind isn’t very well equipped to make sense of a figure like $1.2 trillion. We don’t deal with a trillion of anything in our daily lives, and so when we come across such a big number, it is hard to distinguish it from any other big number. Millions, billions, a trillion — they all start to sound the same.
The way to come to grips with $1.2 trillion is to forget about the number itself and think instead about what you could buy with the money. When you do that, a trillion stops sounding anything like millions or billions.
* * *
Bruce Schneier: Information security and externalities [via]: Fundamentally, the issue is insecure software. It is a result of bad design, poorly implemented features, inadequate testing and security vulnerabilities from software bugs. The money we spend on security is to deal with the myriad effects of insecure software. Unfortunately, the money spent does not improve the security of that software. We are paying to mitigate the risk rather than fix the problem.
The only way to fix the problem is for vendors to improve their software. ... But they will not do this until it is in their financial best interests to do so. And so far, it is not. The reason is easy to explain. ... Vendors try to balance the costs of more secure software -- extra developers, fewer features, longer time to market -- against the costs of insecure software: expense to patch, occasional bad press, potential loss of sales.
So far, so good. But what the vendors do not look at is the total costs of insecure software; they only look at what insecure software costs them. And because of that, they miss a lot of the costs: all the money we, the software product buyers, are spending on security. In economics, this is known as an externality: the cost of a decision that is borne by people other than those taking the decision.