Josephine Wolff, a professor at the Rochester Institute of Technology, believes cybersecurity policy would benefit from a debate about if and when it might be appropriate to punish careless computer users for their role in enabling those criminals.
Read more on The Atlantic while I go search for an image of a can of worms.
Is there any website owner who hasn’t had their site compromised at some point? And when it’s compromised, if it’s used to send out spam, should we hold the website owner responsible if hadn’t updated to the latest version of their platform that might have avoided the compromise? What do we do about entities who leave personal information on servers from defunct sites and businesses if/when those servers go hacked? What do we do about the approximately 40,000 MongoDB installationsthat are open on port 27017 or the equivalent situation in CouchDB and other platforms?
This calls for more coffee…