CHAPTER 8Economics
The great fortunes of the information age lie in the hands of companies that have established proprietary architectures that are used by a large installed base of locked-in customers.
– CARL SHAPIRO AND HAL VARIAN
There are two things I am sure of after all these years: there is a growing societal need for high assurance software, and market forces are never going to provide it.
– EARL BOEBERT
The law locks up the man or woman Who steals the goose from off the common But leaves the greater villain loose Who steals the common from the goose.
– TRADITIONAL, 17th CENTURY
8.1 Introduction
Round about 2000, we started to realise that many security failures weren't due to technical errors so much as to wrong incentives: if the people who guard a system are not the people who suffer when it fails, then you can expect trouble. In fact, security mechanisms are often designed deliberately to shift liability, which can lead to even worse trouble.
Economics has always been important to engineering, at the raw level of cost accounting; a good engineer was one who could build a bridge safely with a thousand tons of concrete when everyone else used two thousand tons. But the perverse incentives that arise in complex systems with multiple owners make economic questions both more important and more subtle for the security engineer. Truly global-scale systems like the Internet arise from the actions of millions of independent principals with divergent interests; we ...
Get Security Engineering, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
