ABSTRACT

Would you waste billions of dollars a year if you could avoid it? Certainly not. But this is precisely what we do with mass-market software. Individuals, companies, and governments collectively lose billions when hackers exploit defects in software to gain unauthorized access to online information. Vulnerabilities are software defects that hackers can exploit to gain unauthorized access. Software programs, mass-market programs at least, contain too many vulnerabilities. Everyone (except perhaps the hackers) would be better off if there were far fewer vulnerabilities and hence much less loss. The billions saved could, for example, be spent on health care, education, or business investment. Why do we throw billions away? And what should we do about it? In answering these questions, we consider only mass-market software; custom-made software raises somewhat different issues.