[Owasp-leaders] EU Cybersecurity plan to protect open internet and online freedom and opportunity

Mauro Flores mauro.flores at owasp.org
Sun Feb 10 03:01:12 UTC 2013


A couple of midnight thoughts about this topic. First of all, no one can
be 100% sure that he is not leaving a bug in his code that may lead to a
security/privacy breach, so how can we make the developers liable for
something that no one can do 100% error free?
I know it is much more difficult to settle, but the main point here is to
be sure that software companies are not negligent about security. If
they took all the measures (train the developers, put a security
specialist on the team, set security specifications, test the code, etc.)
and even after all that, they leave a bug... OK, it's an honest mistake and no
one should be liable for making mistakes. On the other hand, if the
software company never even considered security in their code, or they
did but in a very "light" way, then they are being negligent and they
should be liable... something like they do with doctors and bad practice
of medicine.
My 2 cents.
 
regards, Mauro Flores

On Sat, 09-02-2013 at 15:14 +0100, Ludovic Petit wrote:

> much appreciated Colin, interesting topic isn't it?
> 
> I come back later guys
> 
> 
> On 9 Feb 2013 15:00, "Colin Watson" <colin.watson at owasp.org> wrote:
> 
>         Ludovic
>         
>         Of course - I was just helping make sure you write a long blog post!
>         Real statistics are difficult to get hold of, and if France has some
>         useful data on incidents, it would be good to know.
>         
>         Best regards
>         
>         Colin
>         
>         On 9 February 2013 13:47, Ludovic Petit <ludovic.petit at owasp.org> wrote:
>         > Hi Colin,
>         >
>         > It's related to hacking of networks/apps and data Privacy.
>         >
>         > In fact, EC and btw lots of member states such as France for instance,
>         > focus now and more and more on Data Privacy... through the evolving
>         > remaining legal arsenal that aims to reinforce constraints about protecting
>         > networks and (sensible) infrastructures.
>         >
>         > I'll give you an update this evening with a pragmatic example, dated 2007 if
>         > my memory serves me well, taken from UK and the House of Lords about
>         > 'Dev/Sw makers held liable for code?'. You guys will quickly understand the
>         > perspective and why I sent this post, because Owaspers have to keep a sharp
>         > eye on this legal matter as well.
>         >
>         > On 9 Feb 2013 14:34, "Colin Watson" <colin.watson at owasp.org> wrote:
>         >
>         >> Hi Ludovic
>         >>
>         >> On 9 February 2013 13:29, Ludovic Petit <ludovic.petit at owasp.org> wrote:
>         >> > mandatory disclosure delay about breaches/incidents in France is... 24
>         >> > hours
>         >>
>         >> Interesting. Breaches of exactly what?
>         >> Law/regulation/confidentiality/integrity/availability/etc? Is there a
>         >> minimum threshold (e.g. seriousness of event) for reporting?
>         >>
>         >> And more importantly, are there any available data on the
>         >> number/frequency/size/cause of these mandatory disclosures?
>         >>
>         >> Colin

