To Strengthen Security, Change Developers' Incentives

Many of the most common software vulnerabilities, such as buffer overflows, cross-site scripting, and misapplications of cryptography, are wholly avoidable if software makers apply an appropriate level of training, testing, and care. Yet developers today have the "wrong" incentives, often leading them to underinvest in security or even to directly harm it. If we can understand these incentives and their causes, we might be able to reshape them and radically improve security. Software makers have shown a dramatic ability to strengthen their products' security given sufficient motivation. The most famous example is Microsoft's transformation over the past decade from a security laughingstock to a leader. In 2002, stung by several widely publicized vulnerabilities across its product line, the company began a major security initiative that produced lasting changes in its priorities, processes, and culture. Gone were the days of "creating designs and code that emphasize features over security." Yet changes like these are exceptional. Microsoft's shift was motivated by an intense level of scrutiny and withering global publicity that few firms experience, and it had the unusual luxury of responding with vast engineering resources paid for by monopoly rents. Most developers face far weaker security incentives.
