I'm a little behind on my reading, and just got to Ken Birman's column in the February issue of IEEE Computer. It's a very clear assessment of some of the risks that society is running willy-nilly in its rush to take advantage of the very real benefits of the Web.
If spyware slows down my PC, that's inconvenient. It's a far more serious matter if vulnerabilities allow an intruder to wire-transfer my retirement savings to Nigeria, kill a patient in an intensive care unit, or launch a cruise missile from a Navy warship...
Breaking the cycle is going to require a response on many levels. The problems we're confronting have ethical, legal, and economic dimensions as well as technical ones:
* Why do kids view breaking into computer systems as a game?
* Why aren't we insisting that operators of sensitive computing systems have an obligation to maintain security, and forcing them to carry liability insurance to compensate anyone damaged by their failure to do so?
* Why is the technology economy so focused on software product quality on a per-product basis and indifferent to the inadequacies of systems built by integrating components using those products?