Making Software Vendors Liable For Security
from the good-or-bad? dept
I’m still not sure how I feel about this, but here’s yet another article saying that software makers should be liable for software that has weak security. To some extent, I agree. Right now, software vendors have no liability issues, and in many cases they don’t seem to care at all about security. However, it is nearly impossible to make completely secure software, and holding them liable for every single hole would make it a very expensive proposition (especially for smaller companies) to ever commercialize any sort of software product.
Comments on “Making Software Vendors Liable For Security”
liability
This is a slippery slope. Getting liability lawyers involved, and the ensuing lawsuits, might do some good in the short term (think Ford Pinto or airbags, examples in the auto world where liability & lawsuits forced necessary changes) but would ultimately have the same effect you’re seeing today in the medical field. There are a lot of doctors and surgeons closing their practices because they can’t afford the malpractice insurance.
The problem is that after a while these things start to take on a lottery mentality, particularly when the ‘prizes’ get so large that lawyers will take just about any case on contingency.
And who would be the judge? Have you ever seen or heard of a judge or jury that you think would/could make an intelligent ruling on technical issues? Take a look at the sorry state of the aviation industry for an example of how bad this can get. Guy flies his plane into a mountain, bereaved can’t sue Cessna due to liability limitations, so they sue the magneto (an engine part that has ZERO to do with the way the plane is flown) manufacturer because they are the only ones with deep enough pockets. Juries are emotional – they can’t resist crying widows.