At the GOVCERT.NL Security Conference 2008 in the Netherlands, David Rice (The Monterey Group) gave this talk based on his book 'Geekonomics'.

More information at govcertsymposium.com

Abstract:
Economic, legal, and regulatory incentives in the software market are missing, distorted, or perverted. This allows software manufacturers to continuously "dump" vast quantities of vulnerabilities into the global stream of commerce, with little consequence to them and with great consequence to everyone else. The money expended on cyber security is, in part, to deal with the effects of insecure software, not to prevent insecure software in the first place. This simply is not sustainable. It should be more expensive (and more difficult) for attackers to discover vulnerabilities than for software buyers to protect against an unrelenting deluge of vulnerabilities. Because of software's pervasiveness, "bad" software is no longer a technical issue, but public policy issue.
In this talk David Rice discusses possible incentives for creating sustainable cyber security for the global community.