• NaibofTabr@infosec.pub
    link
    fedilink
    English
    arrow-up
    47
    arrow-down
    2
    ·
    4 months ago

    So why not outlaw vulnerabilities?

    Of course! If we make vulnerabilities illegal, then all the programmers will make perfect software! The solution was so easy!

    • scrion@lemmy.world
      link
      fedilink
      arrow-up
      18
      arrow-down
      1
      ·
      4 months ago

      There is definitely a difference in quality when talking about import software.

      Also, “outlawing vulnerabilities” would not mean to simply assume everyone starts making perfectly secure software, but rather that you’re fined if you can’t prove your processes are up to spec and you adhered to best practices during development. Additionally, vendors are obliged to maintain their software and keep it secure.

      And surprise, surprise, the EU ratified laws that do exactly that (and more) recently. In fact, they’ll be in effect very soon:

      https://en.m.wikipedia.org/wiki/Cyber_Resilience_Act