Hacker News

> Supposedly, the free market should correct this when consumers stop buying the flawed product.

Surely this is only true if the consumer _values_ security? Even assuming every (potential) consumer is educated enough to recognise security flaws, that doesn't necessarily mean the typical consumer will value security enough to purchase an alternative product they deem inferior in some other aspect.




Arguably many consumers, even if they _could_ evaluate a product's security before purchase, wouldn't _care_ because they don't understand how it affects them. And often, the effects (DDoS nets, etc.) are against someone else anyway.

I'm not sure if "tragedy of the commons" is the right term for this, but I feel it's in the ballpark. Insecure devices create a form of pollution on the internet, let's say. And perhaps we should think of them like other polluters.

Obviously pollution controls have a cost, just like security, but we all understand that it's in everyone's interest to have air we can breathe, and ultimately lowers health care cost. Likewise, it could be argued that it's in everyone's interest (and perhaps a national security priority, as well) to have devices that don't allow themselves to be taken over by arbitrary attackers.

I think these are the regulatory models we should be considering.



