... and finally adoption of the required methods and reaching required standards, like countless cases of successful regulation since time immemorial.
How do you give companies a positive incentive to fix an issue if the issue does not cost them money? Fixing such an issue is a competitive disadvantage.
> The better way is for no-fault, encouraging disclosure and openness about bugs, and collaboration in fixing them.
What does that look like? Paying companies per disclosed bug in their software? State-sponsored white-hat hacker teams that find and fix the companies' bugs for them without disclosure? I can't think of anything that sounds realistic.