Who is liable for insecure systems?

Computer

Volumn 37, Issue 7, 2004, Pages 27-34

  Mead, Nancy R ^a,b  

^a CARNEGIE MELLON UNIVERSITY   (United States)

^b CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

COMPUTER CRIME; COMPUTER NETWORKS; COMPUTER SOFTWARE; COMPUTER SOFTWARE MAINTENANCE; COMPUTER SYSTEMS; PRODUCT LIABILITY; REGISTRATION OF ENGINEERS; SECURITY SYSTEMS; SOFTWARE ENGINEERING;

COMPUTER NETWORK SECURITY; COMPUTER SOFTWARE QUALITY; CORRUPTED DATA; DATA QUALITY; SOFTWARE ENGINEER CERTIFICATION; SOFTWARE ENGINEER LICENSING; SOFTWARE PACKAGE COTS;

SECURITY OF DATA;

EID: 3242785761     PISSN: 00189162     EISSN: None     Source Type: Trade Journal    
DOI: 10.1109/MC.2004.69     Document Type: Article

References (20)

1. E. Kenneally, "The Byte Stops Here: Duty and Liability for Negligent Internet Security," Computer Security J., vol. 16, no. 4, Fall 2000, pp. 1-26.
2. T.C. Redman, "Opening Statement," Cutter IT J., Jan. 2003, pp. 2-5.
3. R.W. Pautke, "To Clean or Not to Clean, That Is the Question," Cutter IT J., Jan. 2003, pp. 11-12.
4. K. Reed, "Good Enough Is Not Good Enough," IEEE Software, Sept.-Oct. 2003, p. 109.
5. U. Lindqvist and E. Jonsson, "A Map of Security Risks Associated with Using COTS," Computer, June 1998, pp. 60-66.
6. D. Davis, "Legal Aspects of Safety Critical Systems," Proc. 14th Int'l Conf. Computer Safety, Reliability and Security, Springer, 1995, pp. 156-170.
7. M.J. Radin, "Distributed Denial of Service Attacks: Who Pays?" Computer Economics Report, Int'l Ed., Aug. 2001, pp. 12-15.
8. R. Weiler, "Decision Support: You Can't Outsource Liability for Security," Information Week, Aug. 2002; www.informationweek.com/story/IWK20020822S0003.
9. D.J. Ryan, "Two Views on Security Software Liability: Let the Legal System Decide," IEEE Security & Privacy, Jan.-Feb. 2003, pp. 70-72.
10. E. Kenneally, "Who's Liable for Insecure Networks?" Computer, June 2002, pp. 93-94.
11. C. Heckman, "Two Views on Security Software Liability: Using the Right Legal Tools," IEEE Security & Privacy, Jan.-Feb. 2003, pp. 73-75.
12. M.J. Dively, "The Uniform Computer Information Transactions Act," 2003; www.nccusl.org/nccusl/ucita/ucita/BusLawAdvisor.pdf.
13. The National Conference of Commissioners on Uniform State Laws, Nov. 2003, Uniform Law Commissioners; www.nccusl.org/.
14. The National Conference of Commissioners on Uniform State Laws, UCITA 2002 Revisions Memorandum and Chart; 23 Aug. 2003; www.nccusl.org/nccusl/ucita/UCITA2602MO∠dART.pdf.
15. L.D. Paulson, "Proponents Drop Support for Controversial Software Proposal," Computer, Oct. 2003, p. 18.
16. M. Howard and S. Lipner, "Inside the Windows Security Push," IEEE Security & Privacy, Jan.-Feb. 2003, pp. 57-61.
17. D. Geer et al., "CyberInsecurity: The Cost of Monopoly-How the Dominance of Microsoft's Products Poses a Risk to Security," 24 Sept. 2003; www.ccianet.org/papers/cyberinsecurity.pdf.
18. J. Krim, "Suit Holds Microsoft Responsible for Worm Holes," Washington Post, 3 Oct. 2003, p. E05.
19. H.F. Lipson, N.R. Mead, and A.P. Moore, "Can We Ever Build Survivable Systems from COTS Components?" tech. report CMU/SEI-2001-TN-030, Software Eng. Inst., Carnegie Mellon Univ., Dec. 2002; www.sei.cmu.edu/publications/documents/01.reports/01tn030.html.
20. D. Geer, K. Soo Hoo, and A. Jaquity, "Information Security: Why the Future Belongs to the Quants," IEEE Security & Privacy, July-Aug. 2003, pp. 24-32.