This Is Why I Teach My Law Students How to Hack
https://www.nytimes.com/2023/05/23/opinion/cybersecurity-hacking.html
Scott J. Shapiro notes:
Consider legal liability. The law offers few incentives for software developers to write better, more secure code. It rarely imposes substantial penalties for data breaches, which means that tech companies lack a financial motivation to take security seriously. The median American company budgets 10 percent for I.T., and 24 percent of that on security. That’s roughly 2 percent earmarked for protecting activities that companies understand, rightly, to be critical to their operations.
We can change that business calculus. We should, for example, hold software companies financially responsible for negligently building insecure software, a proposal recently endorsed by President Biden’s National Cybersecurity Strategy. Instead of shelling out money for private companies to fix bad technology, legislators should get them to produce good technology in the first place.
https://www.nytimes.com/2023/05/23/opinion/cybersecurity-hacking.html
Scott J. Shapiro notes:
Consider legal liability. The law offers few incentives for software developers to write better, more secure code. It rarely imposes substantial penalties for data breaches, which means that tech companies lack a financial motivation to take security seriously. The median American company budgets 10 percent for I.T., and 24 percent of that on security. That’s roughly 2 percent earmarked for protecting activities that companies understand, rightly, to be critical to their operations.
We can change that business calculus. We should, for example, hold software companies financially responsible for negligently building insecure software, a proposal recently endorsed by President Biden’s National Cybersecurity Strategy. Instead of shelling out money for private companies to fix bad technology, legislators should get them to produce good technology in the first place.