Software Screws Around, Reverse Engineering Finds Out: How Independent, Adversarial Research Informs Government Regulation

Andy Sellars, Mike Specter

ShmooCon XX (Final) · Day 1 · One Track Mind

In "Software Screws Around, Reverse Engineering Finds Out," Andy Sellars and Mike Specter deliver a compelling argument about the critical, yet often unacknowledged, role of independent, adversarial security research in shaping government regulation and consumer protection in the software industry. They contend that the inherent complexity and opacity of modern software, coupled with legal doctrines like trade secrets, create a profound information asymmetry between software vendors and consumers. This imbalance leads to a market failure where vendors have little incentive to invest adequately in security, treating it as a **credence good**—a quality whose value cannot be easily ascertained by the buyer, even after purchase.

AI review

This talk presents a compelling, data-backed argument for the critical role of independent, adversarial security research in informing government regulation and protecting consumers. By framing software security as a 'credence good' and empirically demonstrating the Federal Trade Commission's significant reliance on external research, the speakers expose fundamental market failures and legal impediments. The discussion on banning private contract restrictions and moving away from exploitative bug bounty programs resonates deeply, providing actionable insights for researchers and policymakers…
