> It might even distract from or interfere with development of a more general solution. But that's exactly the path a lot of people seem to be going
Or it could set a precedent... It has to start somewhere. Maybe Amazon or Google is next.
Were you thinking in general about some legislation? Say something like GDPR?
> Progress doesn't come from everyone saying "me too" on a bug report. It comes from people talking about and then implementing ideas to make the bug stop happening anywhere. I've seen precious little of that.
That happens if there is a common platform everything runs on. Maybe a shared library. You just fix the security bug in it and every application relying on it will benefit (generally speaking). In a way legislation, taxation, treaties, open standards are somewhat like it. When those change it affects everyone. But that is kind of rare, so doing it one instance at a time is still making some progress.
> In a way legislation, taxation, treaties, open standards are somewhat like it. When those change it affects everyone
That's the key: it affects everyone. In constitutional law there's this concept called a bill of attainder, which is a law directed toward a specific person instead of an action. Many constitutions, including that of the US, forbid them. I think any solution to these problems will be as much legislative/regulatory as technical - GDPR is an early model for this - but it has to be about the behavior. Otherwise it's just politicians playing favorites. I've seen some of the replies mention precedent as though it's a good thing, but we hardly need another precedent for the government picking winners and losers.