Businesses Want Software Companies To Take Responsibility For Security Holes
from the face-up-to-what-they've-done-wrong dept
The debate has gone on forever about just how liable software companies should be for security holes that are later found in their software products. Both sides make compelling points. Those who are constantly patching and dealing with the security holes say that the software makers should be held responsible for their poor product design. Software developers point out that designing without any bugs or security holes is simply impossible - and making the company liable for any problems would destroy most software companies (especially small, independent developers). Either way, the businesses that use the software are sick of taking the blame for not patching security holes and are saying that software developers, even if they don't accept liability for vulnerabilities, at least need to accept some responsibility for making the situation better. The Business Roundtable, a trade group of CEOs, is calling on software companies to do a better job building in security, while also making it easier to update and secure systems when new vulnerabilities are found. They're also calling on the companies to continue to support older versions of their software after newer versions are on the market. They admit that companies do need to be vigilant about protecting their IT - but they want more help from the software developers. It seems like this is an obvious opportunity for managed security vendors to step up and offer solutions in the middle. The security problems are not going to go away - if anything, they're going to get worse. What needs to be done, however, is to look for a better solution than forcing an in-house IT staff to be ever-vigilant about patching every single application every time a new vulnerability is found.