What I find surprising is that there are a lot of steps between a free-for-all and state intervention through regulation that those experts seemed to have skipped altogether, such as voluntary auditing, state-sponsored industry initiatives to specify best practices, invest in the development of static analysis tools and memory profilers, or making vulnerable companies liable for the consequences of attacks.
But no, they jumped straight into state-imposed regulation. Because keeping people out is a solution?
There is no regulation at this time. There may not be regulation ever. Before there is any regulation we will see nudging into the “right” direction. Suggesting that companies define a memory safety roadmap could be considered as the very first nudge, or maybe not:-)
All I wanted to say is that ignoring the possibility of regulation in such a text seems a bit short-sighted to me.
Because industries don’t do shit until forced to. People have been writing code for decades and virtually nothing has been done on this topic, so government has to regulate.
Let’s ask Boeing about self regulation, for instance
What I find surprising is that there are a lot of steps between a free-for-all and state intervention through regulation that those experts seemed to have skipped altogether, such as voluntary auditing, state-sponsored industry initiatives to specify best practices, invest in the development of static analysis tools and memory profilers, or making vulnerable companies liable for the consequences of attacks.
But no, they jumped straight into state-imposed regulation. Because keeping people out is a solution?
There is no regulation at this time. There may not be regulation ever. Before there is any regulation we will see nudging into the “right” direction. Suggesting that companies define a memory safety roadmap could be considered as the very first nudge, or maybe not:-)
All I wanted to say is that ignoring the possibility of regulation in such a text seems a bit short-sighted to me.
Because industries don’t do shit until forced to. People have been writing code for decades and virtually nothing has been done on this topic, so government has to regulate.
Let’s ask Boeing about self regulation, for instance