Mark Hosey

West Central Scotland

R&D

Doesn't all this apparently successful activity by hackers point to a lax attitude by software writers? Is it not about time for the introduction of a European standard that clearly defines acceptable levels of security that all software must attain before European marketing of those products?
After all, every aperture in every building in Europe is filled with a product that meets minimum safety and security standards. Doors, glass, window frames, locks, bolts hinges, sealants etc all meet certain minimum standards.
Well I consider my PC connection to be another front door on my house connecting it to the outside world. The last thing I want is some shoddy product on my PC that leaves me and my family vulnerable to criminal activity. How would you react if you bought a door with a non-compliant lock which, if banged hard enough popped open giving the world access to all your possessions? And how do you think the insurance companies would react? They wouldn't pay the insurance claim of course!
So why do we blithely accept the equivalent low level of security with the software we buy. It's not as though the software writers can't make their products secure. Often they do, retrospectively by issuing bug fixes but they should be secure from day 1. Correctly drafted, controlled and audited standards can ensure that all of the common security flaws exploited by hackers but left there by amateur, lazy or incompetent writers are reduced to manageable levels.
Standards work for all other industries, so why not software, and why aren’t the insurance companies driving for it?