@keithzg @[email protected] In software, the market rewards delivering features quickly and actually punishes teams who want to produce secure, reliable code.

Introducing liability would go a long way toward promoting #infosec by reducing those perverse incentives.

@Duquette @keithzg @[email protected]

1/2

No, it's not unique to software development though in software development the problem is particularly acute.

Consider physical security. If there is no lock on the front door and all the windows are left open, that is immediately obvious and some people will speak up.

When a web app generates weak session IDs or doesn't check inputs before handing them off to the database, that failure is invisible to the average user.

@Duquette @keithzg @[email protected]

2/2

Cars and airplanes have a similar problem which is mitigated by both regulatory bodies and liability.

Getting into a car or onto an airplane, I have no way to notice design or maintenance problems but can still ride with confidence because I know a few things:

- There are rigorous standards.
- There are inspections and enforcement bodies.
- Manufacturers know they will be sued if they fuck up too badly.