Tech Industry Begs for Oversight
The subject of the Heise article "US security experts call for better
training for software developers [02.04.2004 11:57]", covered in more
detail at Wired.

James Lewis of CSIS sums it up this way: the IT industry has come to the
realization "that absent some kind of pressure, software isn't
going to get better."
So that the software industry can actually comply, its list of demands to
the government includes: "Providing unspecified incentives to
companies for reducing software defects." Is that supposed to mean that,
for example, Microsoft will make Internet Explorer secure if, in return,
it perhaps gets special tax write-offs?
At least Silicon Valley, once economically libertarian, now also
acknowledges that state intervention is sometimes called for. That is a
change. As recently as 1998, Thomas Friedman had accused these fellows
without a fatherland
("We are not an American company. We are I.B.M. U.S., I.B.M. Canada,
I.B.M. Australia, I.B.M. China.") in his NY Times column of knowing
nothing but electrons and stock options, of denying the state any claims
on them, and of denying the basic rule of globalization:
"The hidden hand of the global market would never work without the hidden
fist." To now press the state outright to impose obligations on the market
suggests a paradigm shift in the software industry. Or a lot of
government contracts. Or both.

Tech Industry Begs for Oversight 
Associated Press

Story location:,1283,62908,00.html

03:35 PM Apr. 01, 2004 PT

WASHINGTON -- In a surprise shift, leading software companies acknowledge 
in a report to the Bush administration that government might need to force 
the U.S. technology industry to improve the security of America's computer 

The companies, including Microsoft and Computer Associates International, 
said the Homeland Security Department "should examine whether tailored 
government action is necessary" to compel improvements in the design of 
computer software.

The 250-page report containing that recommendation and dozens more was 
being released Thursday. It cautioned that government should require 
security improvements only when market forces fail. It also said 
businesses already are demanding software that is safer and more resilient 
to attacks.

But the report said the most sensitive computer networks -- such as those 
operating banks, telephone networks or water pipelines -- "may require a 
greater level of security than the market will provide."

In those cases, the software companies recommend "appropriate and tailored 
government action that interferes with market innovation on security as 
little as possible." It urged the government to work with companies to 
produce a formal study during the 2005 fiscal year, which begins in 

The public acknowledgment that any level of new government regulation 
might be needed to improve software security represents an important shift 
by the technology industry. It has vigorously contested mandates from 
Washington during the past decade, even in the face of increasingly 
devastating attacks by new generations of hackers and viruses.

"That's a big lean in the right direction," said Alan Paller of the SANS 
Institute in Bethesda, Maryland, a computer-security organization. "It's a 
nod to reality; they're nodding but they've got their heels dug in."

The industry recommendations were solicited by the Homeland Security 
Department's cybersecurity division in December.

The report was put together by experts who included representatives from 
the Defense Department, National Security Agency, technology companies and 
universities. The group was organized by executives at Microsoft and 
Computer Associates.

"When you look at the key recommendations of the report, the road ahead is 
for government and industry to establish a vision for how we can take 
steps going forward to make the cyber infrastructure safer," said 
co-chairman Scott Charney, Microsoft's chief security strategist.

James Lewis of the Washington-based Center for Strategic and International 
Studies, who also participated, described the industry's shift as 
"recognition that absent some kind of pressure, software isn't going to 
get better."

The report did not recommend whether companies should be made legally 
liable over shabby software, except to note that "vendors are avoiding 
almost all liability for any damages done or expenses caused to their 
customers and users from software security problems."

Co-chairman Ron Moritz, the chief security strategist at Computer 
Associates, said questions about liability were too complicated to be 
included in the report.

Other recommendations include:

Spending at least $12 million, including $6 million in government money, 
during the next 19 months for a dozen new academic fellowships nationwide 
to teach future computer engineers to design safer software.

Providing unspecified incentives to companies for reducing software defects.

Offering bounties for information leading to the conviction of hackers 
and virus writers.

Establishing a cybersecurity report card for operators of the most 
important computer networks.

Setting up a government laboratory to keep track of software repairing 
patches and test how effectively they work.