Geeks With Blogs
Mark Nichols' Blog Let me explain. No, there is too much. I will sum up.

Howard Schmidt, the former White House cybersecurity adviser, says sue the programmer.  Thanks, Howard – sue the person with the least ability to control the situation.  Counterpane Internet Security CTO Bruce Schneier says sue the company, because somebody is liable, and let the courts figure it out.


These are bad ideas.  First, the market is (supposed to be) driven by the ability to compare products and buy what you believe to be the best for your situation.  If it isn’t, then find another product that is.  This helps drive development of better products – not the fear of being sued.


Second, if software must be absolutely guaranteed, then why shouldn’t all products live by the same rules?  Because innovation would cease – that’s why.


Also, who is going to judge whether the security flaw was in the OS, an application, the configuration, the firewall, or even the language it was written in?  And who decides whether it is a flaw or a limitation?


This will put undue pressure on the software industry, limit innovation because of fear, and drive prices up significantly to pay for insurance, more development time and additional risk.


If there is malicious intent in the way software is developed, as in the case of viruses, Trojan horses, etc., then sue away.  The only people who will ultimately realize gain from this type of legislation are lawyers.

Posted on Friday, October 21, 2005 2:34 PM | General Observations

Comments on this post: Who should be held liable for security flaws?

No comments posted yet.

Copyright © Mark Nichols