Could a vulnerability tax work?
The new Apple security chief believes a vulnerability tax could really help make software safer. Could it work?


James Lyne, Sophos security expert, said the introduction of a tax could help "raise the bar" so software developers would be compelled to improve security in their products.
However, any tax project would need to be dealt with carefully to avoid damaging new product development, Lyne told IT PRO.
"Such an initiative had to be managed carefully however, many brilliant technology platforms generating business value start off life as underdeveloped, under-resourced applications," the young security expert said.
"Stifling innovation has to be considered too."
Lyne agreed with Rice that there was no such thing as "perfect software."
So, whilst the initiative could not eliminate the issue, it could at least improve the situation.
"This tax is actually more in the category of regulation, trying to make sure companies make appropriate investment to manage the risk (presumably commensurate with resources)," Lyne added.
"Regulation can be effective but needs to be handled carefully to avoid adverse effects."
He said it was nevertheless positive that Apple was "standing up and wanting to build transparency and drive investment."
Outside of companies, secure development practices should be instilled in education as well, Lyne said. He claimed many academic bodies were not doing enough to cover this topic.
It seems a vulnerability tax is an interesting concept, one that could really shake things up. Yet the idea clearly needs some more thought if it is ever to be implemented.
Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.
He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.