
BumRushDaShow

(172,759 posts)
2. I think the micromanaging to that level might not be necessary
Fri Mar 3, 2023, 09:37 AM

and what might be more critical is the "finished product" and it is up to whoever distributes that "finished product" to ensure the pieces of it are secure (whether it is GNU or BSD or some commercial or otherwise proprietary code or whatever).

What was interesting from the framework document was this (pg. 26 of the PDF) -

STRATEGIC OBJECTIVE 3.6: EXPLORE A FEDERAL CYBER INSURANCE BACKSTOP

When catastrophic incidents occur, it is a government responsibility to stabilize the economy and
provide certainty in uncertain times. In the event of a catastrophic cyber incident, the Federal
Government could be called upon to stabilize the economy and aid recovery. Structuring that
response before a catastrophic event occurs—rather than rushing to develop an aid package after
the fact—could provide certainty to markets and make the nation more resilient. The
Administration will assess the need for and possible structures of a Federal insurance response to
catastrophic cyber events that would support the existing cyber insurance market. In developing this
assessment, the Administration will seek input from, and consult with, Congress, state regulators,
and industry stakeholders.


The above sounds like creation of a pool of funds that companies can contribute to that can be used to mitigate financial impacts of malicious attacks against their software, forestalling some of the need to keep taking huge hits to their bottom lines after civil actions.

It's an interesting idea and would probably take time to hash out but even brainstorming use of it might be worthwhile.
