This puzzles me. You correctly note how absolutely abysmal the political arena is for crafting well-defined rules regarding technical issues, and yet you immediately start agitating for more regulation. Do you really want to be compelled to conform to whatever (likely flawed) procedural policy the politicians and bureaucrats would come up with? A policy which would require further legislation to fix (much to the joy of lawyers and lobbyists)?
How about this instead: repeal some legislation. Repeal the laws that prosecute Good Samaritans who, after a reporting a security flaw to a firm, release it to the public who might be harmed by the flaw. If the firm has no procedures in place to deal with the reports, then too bad for them; they don't get to use the state as a club against others.
I'm fully aware that none of that will happen. The police power of the state confers no wisdom on those willing to wield it. Nor do they have any incentive to write good laws, but on the contrary are encouraged by interested parties to write bad laws (intentionally or not). So please, stop agitating for new laws in the vain hope that finally, this time, they won't create a plethora of unintended consequences and injured innocents.
We're all entitled to our political views. Mine are that regulation and deregulation are both potentially dangerous, but that if we all assume the worst--that no regulation can ever be effective, so we shouldn't have any--we'll get nowhere fast. So I advocate for regulations that make sense, despite being aware that politics isn't always so logical or straightforward.
This puzzles me. You correctly note how absolutely abysmal the political arena is for crafting well-defined rules regarding technical issues, and yet you immediately start agitating for more regulation. Do you really want to be compelled to conform to whatever (likely flawed) procedural policy the politicians and bureaucrats would come up with? A policy which would require further legislation to fix (much to the joy of lawyers and lobbyists)?
How about this instead: repeal some legislation. Repeal the laws that prosecute Good Samaritans who, after a reporting a security flaw to a firm, release it to the public who might be harmed by the flaw. If the firm has no procedures in place to deal with the reports, then too bad for them; they don't get to use the state as a club against others.
I'm fully aware that none of that will happen. The police power of the state confers no wisdom on those willing to wield it. Nor do they have any incentive to write good laws, but on the contrary are encouraged by interested parties to write bad laws (intentionally or not). So please, stop agitating for new laws in the vain hope that finally, this time, they won't create a plethora of unintended consequences and injured innocents.