In Portland 2014, we return to a theme first discussed as a panel at OOPSLA 2008 in Nashville TN. At that time, we explored whether openness (many eyes) and transparency contribute to improved security and discussed the benefits of achieving privacy “and” security - rather than simply privacy “or” security. Has the state of the art changed for the better or is the combination of increasing system states and complexity leading to lose-lose trade-offs?

As news stories continue to demonstrate, ensuring adequate security and privacy in a networked “always on” world is a challenge; and while open source software can mitigate problems, it is not a panacea. This panel will bring together experts from industry and academia to debate, discuss, and offer opinions - questions might include:

• What are the “costs” of “good enough” security and privacy on developers and customers
• What is the appropriate trade-off between the price to provide security and the cost of poor security?
• How can the consequences of poor design and implementation be managed?
• Can systems be enabled to fail “security-safe”?
• What are the trade-offs for increased adoption of privacy and security best practices?
• How can the “costs” of privacy and security - both tangible and intangible - be reduced?