Eugene Volokh is blogging on security and the reliance on software for use in critical industries. This is a potentially serious problem that computer security experts have been talking about for years. There are a couple of reasons why I think that little or nothing will be done in this area.
Number one is the expense. Vetting all source code used by a company to run critical functions is extremely expensive. You have to hire people who can actually spot problems. This is far easier said than done and it takes a great deal of time. That is, if you are even able to get hold of the source code to look at it. Companies like Microsoft don't just share their source code with anyone. When source code is the "crown jewel" of your company, it's highly unlikely you're going to turn it over to someone else to go over with a fine-tooth comb.
Number two is apathy. This is an even bigger problem than number one. You aren't going to be able to convince people there is a problem until something actually happens. And maybe not even then. Those who try to forward the cause of secure computing are often brushed off as hysterical, sky-is-falling types. People who have no problem locking doors, barring windows, setting alarms seem to be quite unable to grasp the fact that a simple computer hookup can leave their company wide open to criminals.
No - unless you can change people's mindset to include computers as a source of more problems than just having to reboot when the screen freezes, you won't be changing the way software is used in critical operations.