[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TechRepublicDEVELOPERCXO JPMorgan's Athena has 35 million lines of Python code, and won't be updated to Python 3 in time

On 2019-09-14 08:10:50 -0500, Spencer Graves wrote:
> ????? As I'm thinking about it, the companies that provide cybersecurity
> insurance could be the best points of leverage for this, because they think
> about these kinds of things all the time. Insurance companies for decades

I wouldn't set my hopes too high. Bruce Schneier recently quoted from
https://tylermoore.utulsa.edu/govins20.pdf (which I haven't read yet):

| Cyber insurance appears to be a weak form of governanceat present.
| Insurers writing cyber insurance focus more on organisational
| procedures than technical controls, rarely include basic security
| procedures in contracts, and offer discounts that only offer a
| marginal incentive to in-vest in security.  However, the cost of
| external response services is covered, which suggests insurers believe
| ex-post responses to be more effective than ex-ante mitiga-tion.
| (Alternatively, they can more easily translate the costs associated
| with ex-post responses into manageable claims.)


   _  | Peter J. Holzer    | we build much bigger, better disasters now
|_|_) |                    | because we have much more sophisticated
| |   | hjp at hjp.at         | management tools.
__/   | http://www.hjp.at/ | -- Ross Anderson <https://www.edge.org/>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/python-list/attachments/20190915/e129a40e/attachment.sig>