On Mon, 19 Mar 2007, Crispin Cowan wrote: > Since many users are economically motivated, this may explain why users > don't care much about security :)
But... but... but... I understand the sentiment, but there's something missing in it. Namely, that the costs related to security are not really quantifiable yet, so consumers are not working with the best information. Then there's simple lack of understanding, such as that exmplified by an individual consumer - their computer gets really bogged down and slow, and they don't know what's happening, so they go buy a new computer, when it was "just" a ton of spyware from surfing habits that they didn't know were unsafe, or they were running some zombie that was sucking up all their bandwidth for warez distribution. > > Eventually I think they'll get fed up and there'll be a consumer uprising. > > > Why do you think it will be an uprising? Why not a gradual shift of the > vendors just get better, exactly as fast as the users need them to? I really really wish for an uprising, but unfortunately I'm not too optimistic right now. Off the top of my head, I can't think of any consumer uprisings in other industries, although the US' recent decline in fuel-inefficient vehicles is sort of close. Didn't some large brick-and-mortar companies heavily criticize the software industry a couple years ago? I don't know how that played out. - Steve _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
