Externalities are crucial for the software industry

Externalities exist in any business. We are very familiar by now with the externalities of the manufacturing industries – air and water pollution, noise pollution, depletion of resources etc. But what about the software industry? How bad is the industry’s addiction to the externalities?

In economics, an externality is a cost or benefit which affects a party who did not choose to incur that cost or benefit.[1]

For example, manufacturing activities which cause air pollution impose health and clean-up costs on the whole society, while the neighbors of an individual who chooses to fire-proof his home may benefit from a reduced risk of a fire spreading to their own houses. If external costs exist, such as pollution, the producer may choose to produce more of the product than would be produced if he were required to pay all associated environmental costs. If there are external benefits, such as in public safety, less of the good may be produced than would be the case if the producer were to receive payment for the external benefits to others. For the purposes of these statements, overall cost and benefit to society is defined as the sum of the imputed


Read the full article ->

Software Security Philosophy

What is “security”? Well, not in broad sense, that is, but in software security? What does it mean: to develop secure software? What do we understand to fall into the realm of software security?

I tell you what I mean when I say “software security”. For me, the software security means to bring the intent of the original designer to the customer.

This is very simple. The designer had some idea in mind when designing the software. He had some intention for the software to function in a particular way. That mental picture is translated into design, brought over into development, translated into source code, translated into binary, delivered, installed and configured at the csutomer’s site. And our task is to ensure that what operates now at the customer’s site reflects exactly what developer had in mind. If it does not – we have a breach of security.

I know that this is a very broad definition and it encompasses many areas traditionally thought to be outside the realm of security. Some people do not like that. But in my view, this is much simpler to act on than to try and define the precise separation of realms.

Take …
Read the full article ->