liability vs. cost
Posted Jan 18, 2007 21:46 UTC (Thu) by stevenj (guest, #421)
Parent article: Linux guru argues against security liability (ZDNet UK)
Whether software-sellers should be liable for bugs, especially security bugs in their products, is an interesting question. Cox argues against it, even for proprietary software, because he claims liability would encourage vendors to prohibit use of third-party software (to prevent unforeseen interactions). Bruce Schneier makes a good argument on the other side, that a direct financial interest is the best way to make vendors secure their products.
Regardless, it seems clear that liability should not be used to destroy a key property of software: its zero marginal cost. Liability should certainly not be incurred when no money changes hands, e.g. when you download code from my web site.
Posted Jan 18, 2007 21:58 UTC (Thu) by stumbles (guest, #8796)
Posted Jan 18, 2007 22:47 UTC (Thu) by NZheretic (guest, #409)
The Ford Pinto and more recently the Ford Explorer's tires are two examples of public and media pressure being more successful than just threat of lawsuits. Even so, just as with the automotive industry, eventually through public pressure the governments around the world have to step in and pass regulations that set up a minimum set of requirements an automobile has to meet to be deemed "road worthy". This includes crash testing as well as the inclusion of safety equipment on all models. The requirements are not constant and change to meet the expectations and demands of the public and lawmakers.
The onus is not only on the automotive industry itself but also on the users. Most countries require that all automobiles undergo regular inspection and maintain an up to date "Warrant of Fitness".
In the same way, if you want a secure IT infrastructure, eventually the software design, implementation and each deployment will have to undergo the same type of regulation and scrutiny.
Posted Jan 19, 2007 14:47 UTC (Fri) by Tr0n (guest, #42662)
Yes I think holding either camp liable would not really solve anything. OTOH,
perhaps it should be looked at from a time frame point of view. If a software
seller does nothing with a bug for say, 3 months, the time frame would depend
on its complexity, then let some liability clause kick in. Though I'm not
particularly fond of that idea either.
From June 14 2002
In a recent speech "Fixing Network Security by Hacking the Business Climate", also now on Technetcast, Bruce Schneier claimed that for change to occur the software industry must become liable for damages from "unsecure" software. However, historically this has not always been the case, since most businesses can insure against damages and pass the cost along to the consumer.
Read the rest in Our Data: an appeal - a "Plimsoll line" for apps
Does this apply to M$ stuff too?
:)