Could a vulnerability tax work?

The new Apple security chief believes a vulnerability tax could really help make software safer. Could it work?

James Lyne, Sophos security expert, said the introduction of a tax could help "raise the bar" so software developers would be compelled to improve security in their products.

"However, any tax project would need to be dealt with carefully to avoid damaging new product development," Lyne told IT PRO.

"Such an initiative had to be managed carefully, however; many brilliant technology platforms generating business value start off life as underdeveloped, under-resourced applications," the young security expert said.

"Stifling innovation has to be considered too."

Lyne agreed with Rice that there was no such thing as "perfect software."

So, whilst the initiative could not eliminate the issue, it could at least improve the situation.

"This tax is actually more in the category of regulation, trying to make sure companies make appropriate investment to manage the risk (presumably commensurate with resources)," Lyne added.

"Regulation can be effective but needs to be handled carefully to avoid adverse effects."

He said it was nevertheless positive that Apple was "standing up and wanting to build transparency and drive investment."

Outside of companies, secure development practices should be instilled in education as well, Lyne said. He claimed many academic bodies were not doing enough to cover this topic.

It seems a vulnerability tax is an interesting concept, one that could really shake things up. Yet the idea clearly needs some more thought if it is ever to be implemented.
