Geekonomics: The Real Cost of Insecure Software

Overview

“The clarity of David’s argument and the strength of his conviction are truly inspiring. If you don’t believe the world of software affects the world in which you live, you owe it to yourself to read this book.”
–Lenny Zeltser, SANS Institute faculty member and the New York Security Consulting Manager at Savvis, Inc.

“Geekonomics stays with you long after you finish reading the book. You will reconsider every assumption you have had about software costs and benefits.”
–Slava Frid, Gemini Systems, CTO, Resilience Technology Solutions

“Information Security is an issue that concerns governments, companies and, increasingly, citizens. Are the computer systems and software to which we entrust our sensitive and critical information, technologies that are out of control? David Rice has written an important and welcome book that goes to the heart of this issue, and points to solutions that society as a whole needs to debate and embrace.”
–Nick Bleech, IT Security Director, Rolls-Royce

“If you are dependent upon software (and of course, all of us in the modern world are) this book is a fabulous discussion of how and why we should worry.”
–Becky Bace

The Real Cost of Insecure Software

• In 1996, software defects in a Boeing 757 caused a crash that killed 70 people…

• In 2003, a software vulnerability helped cause the largest U.S. power outage in decades…

• In 2004, known software weaknesses let a hacker invade T-Mobile, capturing everything from passwords to Paris Hilton’s photos…

• In 2005, 23,900 Toyota Priuses were recalled for software errors that could cause the cars to shut down at highway speeds…

• In 2006, dubbed “The Year of Cybercrime,” 7,000 software vulnerabilities were discovered that hackers could use to access private information…

• In 2007, operatives in two nations brazenly exploited software vulnerabilities to cripple the infrastructure and steal trade secrets from other sovereign nations…

Software has become crucial to the very survival of civilization. But badly written, insecure software is hurting people–and costing businesses and individuals billions of dollars every year. This must change. In Geekonomics, David Rice shows how we can change it.

Rice reveals why the software industry is rewarded for carelessness, and how we can revamp the industry’s incentives to get the reliability and security we desperately need and deserve. You’ll discover why the software industry still has shockingly little accountability–and what we must do to fix that.

Brilliantly written, utterly compelling, and thoroughly realistic, Geekonomics is a long-overdue call to arms. Whether you’re a software user, decision maker, employee, or business owner, this book will change your life…or even save it.

The Alarming Cost of Insecure, Badly Written Software...

and How to Finally Fix the Problem, Once and for All!

Six billion crash test dummies: why you’re at greater risk than you ever imagined.

You pay the price: why consumers are legally and financially responsible for the mistakes of software manufacturers.

Broken windows: how software promotes epidemic cyber crime and threatens national security.

Who runs the show?: Why software manufacturers fought against the U.S. Food and Drug Administration’s attempts to protect the U.S. blood supply.

Protecting national infrastructure: real incentives for transforming software manufacturing.

Surviving the information superhighway: practical, must-read advice in a world of insecure code.


Product Details

  • ISBN-13: 9780321477897
  • Publisher: Addison-Wesley
  • Publication date: 12/13/2007
  • Pages: 384
  • Product dimensions: 6.31 (w) x 9.26 (h) x 1.25 (d)

Meet the Author

David Rice is an internationally recognized information security professional and an accomplished educator and visionary. For a decade he has advised, counseled, and defended global IT networks for government and private industry. David has been recognized by the U.S. Department of Defense for "significant contributions" advancing the security of critical national infrastructure and global networks. Additionally, David has authored numerous IT security courses and publications, teaches for the prestigious SANS Institute, and has served as adjunct faculty at James Madison University. He is a frequent speaker at information security conferences and is currently Director of The Monterey Group.


Table of Contents

Preface xiii

Acknowledgments xix

About the Author xx

Chapter 1: The Foundation of Civilization 1

Chapter 2: Six Billion Crash Test Dummies: Irrational Innovation and Perverse Incentives 19

Chapter 3: The Power of Weaknesses: Broken Windows and National Security 73

Chapter 4: Myopic Oversight: Blinded by Speed, Baffled by Churn 131

Chapter 5: Absolute Immunity: You Couldn’t Sue Us Even If You Wanted To 179

Chapter 6: Open Source Software: Free, But at What Cost? 243

Chapter 7: Moving Forward: Rational Incentives for a Different Future 273

Epilogue 321

Notes 325

Index 341


Preface

You may or may not have an inkling of what insecure software is, how it impacts your life, or why you should be concerned. That is OK. This book attempts to introduce you to the full scope and consequence of software's impact on modern society without baffling the reader with jargon only experts understand or minutia only experts care about. The prerequisite for this book is merely a hint of curiosity.
Although we interact with software on a daily basis, carry it on our mobile phones, drive with it in our cars, fly with it in our planes, and use it in our home and business computers, software itself remains essentially shrouded—a ghost in the machine; a mystery that functions, but only part of the time. And therein lies our problem.
Software is the stuff of modern infrastructure. Not only is software infused into a growing number of commercial products we purchase and services we use, but government increasingly uses software to manage the details of our lives, to allocate benefits and public services we enjoy as citizens, and to administer and defend the state as a whole. How and when we touch software and how and when it touches us is less our choice every day. The quality of this software matters greatly; the level of protection this software affords us from harm and exploitation matters even more.
As a case in point, in mid-2007 the country of Estonia, dubbed "the most wired nation in Europe" because of its pervasive use of computer networks for a wide array of private and public activities, had a significant portion of its national infrastructure crippled for over two weeks by cyber attacks launched from hundreds of thousands of individual computers that had been previously hijacked by Russian hackers. Estonia was so overwhelmed by the attacks that Estonian leaders literally severed the country's connection to the Internet, and with it the country's economic and communications lifeline to the rest of the world. As one Estonian official lamented, "We are back to the stone age." The reason for the cyber attack? The Russian government objected to Estonia's removal of a Soviet-era war memorial from the center of its capital Tallinn to a military cemetery.
The hundreds of thousands of individual computers that took part in the attack belonged to innocents: businesses, governments, and home users located around the world, unaware that their computers were used as weapons against another nation and another people. Such widespread hijacking was made possible in large part because of insecure software—software that, due to insufficient software manufacturing practices, contains defects that allow, among other things, hackers to hijack and remotely control computer systems. Traditional defensive measures employed by software buyers such as firewalls, anti-virus, and software patches did little to help Estonia and nothing to correct the software manufacturing practices that enabled the attacks in the first place.
During the same year, an experienced "security researcher" (a euphemism for a hacker) from IBM's Internet Security Systems was able to remotely break into and hijack computer systems controlling a nuclear power plant in the United States. The plant's owners claimed their computer systems could not be accessed from the Internet. The owners were wrong. As the security researcher later stated after completing the exercise, "It turned out to be the easiest penetration test I'd ever done. By the first day, we had penetrated the network. Within a week, we were controlling a nuclear power plant. I thought, 'Gosh, this is a big problem.'"
Indeed it is.
According to IDC, a global market intelligence firm, 75 percent of computers having access to the Internet have been infected and are actively being used without their owners' knowledge to conduct cyber attacks, distribute unwanted email (spam), and support criminal and terrorist activities. To solely blame hackers, or hundreds of thousands of innocent computer users, or misinformed—and some might say "sloppy"—power plant owners for the deplorable state of cyber security is shortsighted and distracts from the deeper issue. The proverbial butterfly that flaps its wings in Brazil causing a storm somewhere far away is no match for the consequences brought about by seemingly innocuous foibles of software manufacturers. As one analyst commented regarding insecure software as it related to the hijacking of the nuclear reactor's computer systems, "These are simple bugs: mistakes in software, but very dangerous ones."
The story of Estonia, the nuclear reactor, and thousands of similar news stories merely hint at the underlying problem of modern infrastructure. The "big problem" is insecure software, and insecure software is everywhere. From our iPhones (which had a critical weakness in their software discovered merely two weeks after release) to our laptops, from the XBOX to public utilities, from home computers to financial systems, insecure software is interconnected and woven more tightly into the fabric of civilization with each passing day and with it, as former U.S. Secretary of Defense William Cohen observed, an unprecedented level of vulnerability. Insecure software is making us fragile, vulnerable, and weak.
The threat of global warming might be on everyone's lips, and the polar ice caps might indeed melt but not for a time. What is happening right now because of world-wide interconnection of insecure software gives social problems once limited by geography a new destructive range. Cyber criminals, terrorists, and even nation states are currently preying on millions upon millions of computer systems (and their owners) and using the proceeds to underwrite further crime, economic espionage, warfare, and terror. We are only now beginning to realize the enormity of the storm set upon us by the tiny fluttering of software manufacturing mistakes and the economic and social costs such mistakes impose. In 2007, "bad" software cost the United States roughly $180 billion; this amount represents nearly 40 percent of the U.S. military defense budget for the same year ($439 billion) or nearly 55 percent more than the estimated cost to the U.S. economy ($100 billion) of Hurricane Katrina, the costliest storm to hit the United States since Hurricane Andrew.1
Since the 1960s, individuals both within and outside the software community have worked hard to improve the quality, reliability, and security of software. Smart people have been looking out for you. For this, they should be commended. But the results of their efforts are mixed.
After 40 years of collaborative effort with software manufacturers to improve software quality, reliability, and security, Carnegie Mellon's Software Engineering Institute (SEI)—an important contributor to software research and improvement—declared in the year 2000 that software was getting worse, not better. Such an announcement by SEI is tantamount to the U.S. Food and Drug Administration warning that food quality in the twenty-first century is poorer now than when Upton Sinclair wrote The Jungle in 1906.2 Unlike progress in a vast majority of areas related to consumer protection and national security, progress against "bad" software has been fitful at best.
While technical complications in software manufacturing might be in part to blame for the sorry state of software, this book argues that even if effective technical solutions were widely available, market incentives do not work for, but work against better, more secure software. This has worrisome consequences for us all.
Incentives matter. Human beings are notoriously complex and fickle creatures who will do whatever it takes to make themselves better off. There is nothing intrinsically wrong with this behavior. Looking out for their own best interests is what normal, rational human beings are wont to do. However, the complication is that society is a morass of competing, misaligned, and conflicting incentives that lead to all manner of situations where one individual's behavior may adversely affect another. Nowhere is this more obvious than in free market economies. As such, Geekonomics is the story of software told through the lens of humanity, not through the lens of technology.
To see and to understand insecure software merely as a technical phenomenon to be solved by other technical phenomena is to be distracted from the larger issue. Software is a human creation and it need not be mysterious or magical. It also need not make us fragile, vulnerable, and weak. To understand software and its implications for society requires an understanding of how humans behave, not necessarily how software behaves. More specifically, this book looks at the array of incentives that compel people to manufacture, buy, and exploit insecure software. In short, incentives matter for any human endeavor, and without understanding the incentives that drive people toward or away from a particular behavior, all the potential technical solutions that might help address the problem of insecure software will sit idle, or worse, never be created at all. After 40 years of effort with debatable improvement, this much is evident.
As with any complex issue, and especially with a complex issue such as software manufacturing, there are few "right" answers regarding how to fix the problem. However, some ways of approaching complex issues are more fruitful than others and are worth investigating. Protecting economic and national security from the effects of insecure software is as much an economic issue as it is a technological issue. We know software is as notoriously complex and fickle as the humans who create it, if not more so. But as a human creation, we need not understand insecure software in its entirety; we need merely to get humans to stop creating the stuff. And this is where incentives come in.
At base, economics teaches us, at least in part, how to get incentives right. Of course, economists are not always right when it comes to forecasting the expected effects of a particular incentive, but economics allows us to approach complex issues from a scientific perspective and make reasonable, better-informed decisions. By using and analyzing data—even imperfect data—economics allows us to view the world as it is, look back as it was, and to anticipate how it might be. Incentives help navigate the path to a desired future. The desired future of this author is a stable, secure, global infrastructure that propels humanity beyond its wildest dreams.
There are three primary themes in Geekonomics:

  • First, software is becoming the foundation of modern civilization; software constitutes or will control the products, services, and infrastructure people will rely on for a wide variety of daily activities from the vital to the trivial.

  • Second, software is not sufficiently engineered at this time to fulfill the role of "foundation." The information infrastructure is the only part of national infrastructure that is destructively tested while in use; that is, software is shipped containing both known and unknown weaknesses, of which software buyers are made aware and which they must fix only after installation (or after losing control of your nuclear power plant). The consequences are already becoming apparent and augur ill for us all.

  • Third, important economic, legal, and regulatory incentives that could improve software quality, reliability, and security are not only missing, but the market incentives that do exist are perverted, ineffectual, or distorted. Change the incentives and the story and effects of insecure software change also.

Because of the complexity of software itself and the complexity of manufacturing software, no single discipline, even one as powerful as economics, is sufficient for holistically addressing the topic at hand. As such, this book also contains a splash of psychology, physics, engineering, philosophy, and criminology, which are mostly framed within the context of incentives. This book does not contain the complete story of insecure software, only those parts that a single author can realistically include in a book meant to inform, entertain, and enlighten.
I like software. I really do. Though the tone of my writing is often forceful and urgent regarding insecure software in general and software manufacturers in particular, I truly appreciate all the things I can do with software that I could not possibly do as quickly, efficiently, or cheaply without it. Writing this book was infinitely easier using a word processor than with a traditional typewriter (which I have not owned for 20 years). But everything has a cost, and not all costs are readily apparent at the time of acquisition. I had no less than three separate storage locations (laptop hard drive, USB key, network storage) for the book's manuscript just in case something should happen, which it inevitably did. My word processor application (which will remain nameless) crashed or froze roughly 40 times in the course of writing this book. Without software this book might not have been written as quickly compared to older methods. That is not in question. Without reliable backups, however, this book would not have been written at all.
Ironically, in writing this book I attempted to avoid providing a litany of software disasters in hopes of escaping claims that I might be promoting "fear, uncertainty, and doubt," a claim that so often pollutes and plagues discussions regarding software security; yet many of my non-expert reviewers (for whom the book is focused) thought I was being unfair to software manufacturers because I did not provide the necessary probative evidence to establish why software manufacturers are partly to blame for threatening the foundation of civilization. "What was needed?" I asked. A litany of software disasters would be helpful, came the reply. And so my hope is that the litany of disasters provided in this book is seen as necessary to provide context and perspective for those unfamiliar with the subject and impact of insecure software, rather than the primary focus of the book.
© Copyright Pearson Education. All rights reserved.

Customer Reviews

Showing all of 2 Customer Reviews
  • Anonymous

    Posted December 1, 2007

    Unbelievable!!!

    Thank you! A great, interesting, eye opening and entertaining read. Totally interesting way to look at cyber security, this book makes everything easy to understand, but fascinating at the same time. I'm gifting geeks and non-geeks alike with this book for the holidays.

  • Anonymous

    Posted November 8, 2007

    Not Just For Geeks!

    Wow! Brilliantly written, clearly presented, and an eye opener as to the real role software plays in our everyday life. Awesome, interesting and 'spooky' true stories about the impact of what we all consider functioning software. It is a compelling read and Rice makes you question why the end user should be solely responsible for software glitches, vulnerabilities or other computer mishaps, be it for your bank's mandatory on-line service agreement or the software controlling our water supply. Whether you ultimately agree with the author's conclusions or not, the book certainly encourages you to think about everyday things more critically and not just accept the conventional and only way we use, rely on, buy, and create software. Glad I wrangled a pre-release copy! A must read!!
