

Simson L. Garfinkel

Are you familiar with my Pure Software Act of 2006 proposal? It's significantly more workable.


The Pure Software Act is a very interesting idea. It would be a huge advantage for consumers to know if they are installing software that is phishable, for instance. The difference between the two concepts, as far as I can tell, is that in Jeff's approach the listing contains known vulnerabilities and countermeasures (information that is valuable to technical people), whereas the Pure Software Act provides labels that help consumers make decisions. It would seem that there is room for both in the metaverse, no?

Simson L. Garfinkel

The key difference between this approach and the approach that I put forth in the Pure Software Act is that this approach labels potential attacks and vulnerabilities of which the author of the software might not be aware. On the other hand, the Pure Software approach has authors label functionality that was both intentionally placed into the software, and which causes the software to operate in a manner that is unexpected.

This approach is humorous and points out a real problem---poor software quality. My approach is a credible solution to the problem of spyware.
