• lysdexicOPM
    link
    fedilink
    English
    arrow-up
    2
    ·
    8 months ago

    What I find surprising is that there are a lot of steps between a free-for-all and state intervention through regulation that those experts seemed to have skipped altogether, such as voluntary auditing, state-sponsored industry initiatives to specify best practices, invest in the development of static analysis tools and memory profilers, or making vulnerable companies liable for the consequences of attacks.

    But no, they jumped straight into state-imposed regulation. Because keeping people out is a solution?

    • Tobias Hunger
      link
      fedilink
      arrow-up
      2
      ·
      8 months ago

      There is no regulation at this time. There may not be regulation ever. Before there is any regulation we will see nudging into the “right” direction. Suggesting that companies define a memory safety roadmap could be considered as the very first nudge, or maybe not:-)

      All I wanted to say is that ignoring the possibility of regulation in such a text seems a bit short-sighted to me.

    • Miaou@jlai.lu
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      Because industries don’t do shit until forced to. People have been writing code for decades and virtually nothing has been done on this topic, so government has to regulate.

      Let’s ask Boeing about self regulation, for instance