Hacker News new | past | comments | ask | show | jobs | submit login

Did you read the rest of my comment?



The difference between your approach and mine is that you propose to solve it by making rules (regulations), as opposed to adding a separate party that can absorb risk (insurance), thus shielding a creative industry -- software development -- from adhering to a list of rules, which surely will only grow in size.


Ah. Insurance doesn't act as a separate party to absorb risk in the way you're talking about.

They act as a party to amortize known risk, in exchange for a monetary premium set based on that known risk.

Without the government stepping in and limiting catastrophic liability to some degree (ideally in exchange for signaling the market to produce a social good), the premiums changed would be so large as to just suck money out of tech. There's no creativity shield if you're paying an onerous amount of your profits in exchange.

Which is why I said any solution has to be two part: (1) require risk liability on a better-defined subset of risk & (2) provide a liability shield on the remaining less-defined risk iff a company demonstrates an ability to handle it (aka prompt patching). This creates a modelable insurance risk market, therefore reasonable premiums, and still does something about nation-state level attacks.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: