I'm not entirely sure that _someone_ has to be held responsible. Sometimes bad things happen, that's why we have insurance companies.
I think people shouldn't be targeting security breaches themselves, but the effects thereof. If some hacker gets credit card numbers, then that's what should be focussed on. Are the laws relating to insufficient protection of personal details strong enough? Are they being used?
I don't think software liability in and of itself is useful. Look at the effects, not the causes, to determine if there's liability.
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds