The National Academy of Sciences is recommending that policy-makers create laws that would hold companies accountable for security breaches resulting from vulnerable products.
In a report released last week, titled Cybersecurity Today and Tomorrow: Pay Now or Pay Later,
The researchers also called for laws that would require software makers to report security problems.
Currently, when a malicious hacker exploits a security flaw in a software program, a round of finger-pointing ensues, with blame placed on everyone from the cracker to the researcher who discovered the problem. Usually, it's only the hacker who faces court action. The software maker, at worst, typically suffers from bad press.
In addition, companies often deny that their software has been exploited, saying they haven't heard any direct reports of security problems. Some claim a flaw discovered by a researcher is only theoretical and couldn't be duplicated in the real world.
But as security concerns mount in the wake of the September 11 attacks, more companies are evaluating the safety of their products and focusing on trust.
Just last week, Microsoft chairman Bill Gates urged his workers to make security the company's "highest priority." In the past, the company focused on adding new features to its software, sometimes at the expense of security. However, in an email sent to Microsoft employees, Gates said the company should work on making its software "so fundamentally secure that customers never even worry about it."











