Legislation and Standards

Discussion proposal to EURIM on the adverse effects of emerging intellectual property rights on independent software vulnerability investigation.

Response to EURIM on the IPPR Discussion Paper on Partnership Policing for the Information Society.

Submission to the parliamentary All Party Internet Group on updating the Computer Misuse Act 1990 to address emerging Internet-related offences.

Response to the Home Office consultation on whether or not to implement the custodial sentences specified in section 55 of the 2008 Act.

Software continues to be riddled with exploitable bugs. Two analysts’ reports demonstrate the scale of a problem that is clearly out of control.

How many of us verify the quality of our risk judgements? Do we even know how to? Why do current risk management standards not help us?

Certification to a standard or achieving actual security - which should come first?

Even governments still believe it’s impractical to turn software development into a real engineering discipline, but the basic principles are simple, and should be obvious if we’re paying even minimal attention.