Should Software Makers Be Liable For Security Holes?
from the back-to-the-big-question dept
In the wake of the Slammer worm, here's an editorial piece from the San Jose Mercury News repeating the popular position from Bruce Schneier that software makers need to be held liable when there are security holes in their products. He repeats the claim that this would also open up a whole new area of insurance protection, which would put pressure on software companies to improve their security. I can see how this could help improve security, but I can also see how it would stifle small, indepenedent (and individual) software developers by adding a ridiculous cost layer on top of creating the actual software. It would also bring up questions about who gets sued for a security hole in open source software. What about software that is set up incorrectly? Then is it the software company's fault or the company that set it up? I think it's easier to just hold companies responsible to the claims they put forth. If they claim a product is "trustworthy" or "unbreakable", and it isn't - then, there's a case for liability. However, if no such claims are made, it's tough to enforce liability. Update: Meanwhile, in somewhat related news, the price of hacker insurance is soaring, as it is often no longer covered by general liability insurance.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
how would liability have worked in this case?
I don't know the exact laws about product safety, but I think if a product has been recalled, and the manufacturer has made it reasonably easy for people to replace the item or correct the problem, then they are more-or-less immune from fault from then on (modulo the fact that in the US, you can sue anyone for anything at anytime). Making a free patch available over the Internet would seem to qualify as making it "reasonably easy" to fix the software.
Sure there are tons of patches and its a pain to apply them etc., and Microsoft has huge holes in its software development process that need to be fixed -- but what else could the company have done in this case, once the software was out there with the bug in it?
- adam
[ link to this | view in thread ]
Re: how would liability have worked in this case?
God, I hope they don't read that - they could find a whole new way to get insance profits from their software.
[ link to this | view in thread ]