Governments should impose regulations to ensure software suppliers and internet service providers meet minimum standards of security, a former White House security adviser told the RSA Conference last week.
Richard Clarke, former special adviser to president George W Bush, said market forces were not enough to ensure suppliers provide adequate security to meet the rising threat of malicious code and computer hacking.
Attempts by US telecoms regulators to work with ISPs to create voluntary codes of practice to tackle spam, viruses and spyware had failed, he said, leaving little alternative but regulation.
Regulation would force software suppliers and ISPs to be more transparent about how they are improving their security.
"We have to do something about the quality of software. Sending people to jail is not going to do any good. Maybe we should ask suppliers to disclose whether they are following an agreed set of guidelines," said Clarke.
He rejected arguments that increased regulation would damage innovation in the IT industry.
Bruce Schneier, chief technology officer at Counterpane Internet Security, said suppliers did not have sufficient financial incentive to offer secure software. They needed to be made responsible for the failings of their products, whether through executives going to jail or fines, he said.