The Case for Regulating Quality within Computer Security Applications
Abstract
Computer security applications (CSAs) are essential for ensuring information security across insecure mediums such as the Internet, however despite the reliance placed upon them empirical evidence and case studies indicate that they suffer similar quality concerns to the broader software industry. This paper identifies two key reasons for this. The first is that private law and compensation are unable in their current form to raise quality within CSAs. The second is that the public good characteristics of CSAs, and the negative network externalities that defective CSAs exhibit, are addressable through regulation only. There are two types of defect, those that are known to the CSA vendor and those that are not. This paper therefore proposes a two stage-approach towards addressing these. The first stage is to raise the benchmark of CSA quality by mandating the use of standardised software engineering methodologies through use of the European standardisation framework. Thereby ensuring that CSAs are released to the market without known defects. The second stage is to mandate the disclosure of exploitable defects identified post software release by leveraging the proposed European Network and Information Security Directive.
Downloads
Published
Issue
Section
License
EJLT is an open access journal, aiming to disseminate academic work and perspectives as widely as possible to the benefit of the author and the author’s readers. It is the assumption of the EJLT that authors who publish in the journal wish their work to be available as freely and as widely as possible through the open access publishing channel.
Authors who publish with EJLT will retain copyright and moral rights in the underlying work but will grant all users the rights to copy, store and print for non-commercial use copies of their work. Commercial mirroring may also be carried out with the consent of the journal. The work must remain as published – without redaction or editing – and must clearly state the identity of the author and the originating EJLT url of the article. Any commercial use of the author’s work - apart from mirroring - requires the permission of the author and any aspects of the article which are the property of EJLT (e.g. typographical format) requires permission from EJLT.
Authors can sometimes become no longer contactable (through, for example, death or retirement). If this occurs, any rights in the work will pass to the European Journal of Law and Technology which will continue to make the work available in as wide a manner as possible to achieve the aims of open access and ensuring that an author's work continues to be available. An author - or their estate - can recover these rights from EJLT by providing contact information.
The European Journal of Law and Technology holds rights in format, publication and dissemination.
EJLT, as a non-commercial organisation - which receives donations to allow it to continue publishing – must retain information on reader access to journal articles. This means that we will not give permission to mirror the journal unless we can be provided with full details as to reader access to each and every journal article. We prefer and encourage deep linking rather than mirroring. Encouragement is thus given for all users – commercial and non-commercial – to provide indexes and links to articles in the EJLT where the index or link points to the location of the article on the EJLT server, rather than to stored copies on other servers.
Please contact the European Journal of Law and Technology if you are in any doubt as to what this statement of use covers.