Can you take a guess? How much? 10… 20… 30… 40… 100… Billion? Read on, the numbers truly are shocking and are beyond my wildest imagination.
According to this article on darkreading.com, the cost is $180B (billion) per year for US businesses (gasp… only for US businesses; what about the whole wide world?). Granted, this number is somewhat ‘soft’ and subject to adjustment, but it still provides a reference point in the debate over how much insecure software costs.
The article talks about a vulnerability tax (David Rice’s proposal) on software makers to reduce the impact. The whole debate about determining whether software is vulnerable is a can of worms. Consider this: even today, software vendors have heated arguments about responsible disclosure, and there is hardly any industry-wide agreement on the subject. If a monetary penalty in the form of a tax is added, one can only imagine how hard the same vendors will push back. If the proposal ever flies, hopefully it will be the beginning of a new age of secure software.