MAY 24, 2019 | US
Progress in Cybersecurity: Toward a System of Measurement
Lawfare, May 24, 2019
By Paul Rosenzweig
From Paul Rosenzweig, Senior Fellow at R Street Institute: Recently, BSA released its new Framework for Secure Software. The framework is advanced as a way of assessing and measuring the security of software products along the entire lifecycle of a piece of software—from conception and design to patching and replacement, along with everything in between. Two aspects of this effort are noteworthy and commendable. First, the document is notable simply for its existence. Historically, the software industry (and the hardware industry) have disclaimed any liability for the functioning of their products. At a broader societal scale, there are reasons to think that's the wrong answer, but there is also a good economic reason why the industry might take that view. And so, it is really quite remarkable (and politically brave) for the software industry to articulate any standards at all—for in doing so they will, inevitably, be inviting someone to suggest that those standards are enforceable in law to the disbenefit of industry members. Self-regulation is a good thing—but it carries with it some risks. Good on BSA for moving ahead anyway.
BSA | The Software Alliance (www.bsa.org) is the leading advocate for the global software industry before governments and in the international marketplace. Its members are among the world’s most innovative companies, creating software solutions that spark the economy and improve modern life.
With headquarters in Washington, DC, and operations in more than 30 countries, BSA pioneers compliance programs that promote legal software use and advocates for public policies that foster technology innovation and drive growth in the digital economy.