Geekonomics: The Real Cost of Insecure Software

Book Description

“The clarity of David’s argument and the strength of his conviction are truly inspiring. If you don’t believe the world of software affects the world in which you live, you owe it to yourself to read this book.”
–Lenny Zeltser, SANS Institute faculty member and the New York Security Consulting Manager at Savvis, Inc.

“Geekonomics stays with you long after you finish reading the book. You will reconsider every assumption you have had about software costs and benefits.”
–Slava Frid, Gemini Systems, CTO, Resilience Technology Solutions

“Information Security is an issue that concerns governments, companies and, increasingly, citizens. Are the computer systems and software to which we entrust our sensitive and critical information, technologies that are out of control? David Rice has written an important and welcome book that goes to the heart of this issue, and points to solutions that society as a whole needs to debate and embrace.”
–Nick Bleech, IT Security Director, Rolls-Royce

“If you are dependent upon software (and of course, all of us in the modern world are) this book is a fabulous discussion of how and why we should worry.”
–Becky Bace

The Real Cost of Insecure Software

•   In 1996, software defects in a Boeing 757 caused a crash that killed 70 people…

•   In 2003, a software vulnerability helped cause the largest U.S. power outage in decades…

•   In 2004, known software weaknesses let a hacker invade T-Mobile, capturing everything from passwords to Paris Hilton’s photos…

•   In 2005, 23,900 Toyota Priuses were recalled for software errors that could cause the cars to shut down at highway speeds…

•   In 2006, dubbed “The Year of Cybercrime,” 7,000 software vulnerabilities were discovered that hackers could use to access private information…

•   In 2007, operatives in two nations brazenly exploited software vulnerabilities to cripple the infrastructure and steal trade secrets from other sovereign nations…

Software has become crucial to the very survival of civilization. But badly written, insecure software is hurting people–and costing businesses and individuals billions of dollars every year. This must change. In Geekonomics, David Rice shows how we can change it.

Rice reveals why the software industry is rewarded for carelessness, and how we can revamp the industry’s incentives to get the reliability and security we desperately need and deserve. You’ll discover why the software industry still has shockingly little accountability–and what we must do to fix that.

Brilliantly written, utterly compelling, and thoroughly realistic, Geekonomics is a long-overdue call to arms. Whether you’re a software user, decision maker, employee, or business owner, this book will change your life…or even save it.

The Alarming Cost of Insecure, Badly Written Software...

and How to Finally Fix the Problem, Once and for All!

Six billion crash test dummies: why you’re at greater risk than you ever imagined.

You pay the price: why consumers are legally and financially responsible for the mistakes of software manufacturers.

Broken windows: how software promotes epidemic cyber crime and threatens national security.

Who runs the show?: Why software manufacturers fought against the U.S. Food and Drug Administration’s attempts to protect the U.S. blood supply.

Protecting national infrastructure: real incentives for transforming software manufacturing.

Surviving the information superhighway: practical, must-read advice in a world of insecure code.

Preface xiii

Acknowledgments xix

About the Author xx

Chapter 1: The Foundation of Civilization 1

Chapter 2: Six Billion Crash Test Dummies: Irrational Innovation and Perverse Incentives 19

Chapter 3: The Power of Weaknesses: Broken Windows and National Security 73

Chapter 4: Myopic Oversight: Blinded by Speed, Baffled by Churn 131

Chapter 5: Absolute Immunity: You Couldn’t Sue Us Even If You Wanted To 179

Chapter 6: Open Source Software: Free, But at What Cost? 243

Chapter 7: Moving Forward: Rational Incentives for a Different Future 273

Epilogue 321

Notes 325

Index 341

Table of Contents

  1. Copyright
    1. Dedication
  2. Praise for Geekonomics: The Real Cost of Insecure Software
  3. Preface
  4. Acknowledgments
  5. About the Author
  6. 1. The Foundation of Civilization
    1. Software and Cement
    2. In the Shadow of Utility
    3. Fragile Analogies
  7. 2. Six Billion Crash Test Dummies: Irrational Innovation and Perverse Incentives
    1. The Story of Crash Test Dummies
    2. Five Stars and Rising
    3. You Can Learn a Lot From a Dummy
    4. Private Benefits, Social Costs
    5. Market Failure Martini, Straight Up
    6. The Need for Speed
    7. The Perversity of Patching
    8. Irrationally New
    9. Market Failure Martini, with a Twist of Lemon
    10. Wrap Up: The Martini Hangover
  8. 3. The Power of Weaknesses: Broken Windows and National Security
    1. Only the Stupid Are Caught
    2. An Underground Market
    3. Numbers Don’t Always Measure
    4. Fraud and Terror
    5. Information’s War
    6. The Theory of Broken Windows
    7. Broken Upon Receipt
    8. Blind Risk
    9. Enter the Dragons
    10. Evil Inside
    11. Fixing Broken Windows
  9. 4. Myopic Oversight: Blinded by Speed, Baffled by Churn
    1. The Law of Churn, the Decree of Speed
    2. Free Hands Have Consequences
    3. X-Rays Show More Than You Think
    4. Don’t Slow Us Down, We Have Lives to Save
    5. Discovered Only After the Damage Is Done
    6. Knobs of Unknown Origin
    7. We’ll Be Compliant, Later
    8. Speed Blind
    9. You Can Learn a Lot From an Interstate Highway System
    10. A Matter of Trust
    11. One of Skill in the Art
  10. 5. Absolute Immunity: You Couldn’t Sue Us Even If You Wanted To
    1. The Forces of Failure
    2. Absolution for Dereliction
    3. Victims of a Border War
    4. Duty, Breach, Cause, Damage
    5. Teleporting Tigers
    6. The Least-Cost Avoider
    7. Negligence Versus Strict Liability
    8. Stripping Immunity
    9. Strict Liability and Aeronautical Charts
    10. The Tort of Negligent Enablement of Cyber Crime
    11. The Verdict...
  11. 6. Open Source Software: Free, But at What Cost?
    1. Open and Shut
    2. The History of Free and Open
    3. An Incentive to Itch
    4. The Question of Sustainable Security
    5. Distributed Immunity: No Body to Kick, No Soul to Condemn
    6. Doffing the Wizard Hats
  12. 7. Moving Forward: Rational Incentives for a Different Future
    1. Hands-off
    2. An Inconvenient Tort
    3. One Ring to Rule Them All
    4. The Great Screw
    5. A Market for Weakness
    6. Closure
  13. Epilogue
  14. Notes
    1. Preface
    2. Chapter 1
    3. Chapter 2
    4. Chapter 3
    5. Chapter 4
    6. Chapter 5
    7. Chapter 6
    8. Chapter 7
    9. Chapter 8