Should Software Makers Be Liable For Security Holes?

from the back-to-the-big-question dept

In the wake of the Slammer worm, here's an editorial piece from the San Jose Mercury News repeating the popular position from Bruce Schneier that software makers need to be held liable when there are security holes in their products. He repeats the claim that this would also open up a whole new area of insurance protection, which would put pressure on software companies to improve their security. I can see how this could help improve security, but I can also see how it would stifle small, independent (and individual) software developers by adding a ridiculous cost layer on top of creating the actual software. It would also bring up questions about who gets sued for a security hole in open source software. What about software that is set up incorrectly? Then is it the software company's fault or the company that set it up? I think it's easier to just hold companies responsible to the claims they put forth. If they claim a product is "trustworthy" or "unbreakable", and it isn't - then, there's a case for liability. However, if no such claims are made, it's tough to enforce liability. Update: Meanwhile, in somewhat related news, the price of hacker insurance is soaring, as it is often no longer covered by general liability insurance.


Reader Comments



  1. Adam Barr, 10 Feb 2003 @ 10:13am

    how would liability have worked in this case?

    In this particular case, Microsoft had issued a patch for the problem six months before. So would they still have been liable for Slammer?

    I don't know the exact laws about product safety, but I think if a product has been recalled, and the manufacturer has made it reasonably easy for people to replace the item or correct the problem, then they are more-or-less immune from fault from then on (modulo the fact that in the US, you can sue anyone for anything at anytime). Making a free patch available over the Internet would seem to qualify as making it "reasonably easy" to fix the software.

    Sure there are tons of patches and it's a pain to apply them etc., and Microsoft has huge holes in its software development process that need to be fixed -- but what else could the company have done in this case, once the software was out there with the bug in it?

    - adam


  2. Agent Orange, 10 Feb 2003 @ 3:43pm

    Re: how would liability have worked in this case?

    Umm... I don't know, maybe not blame their customers right off the bat? They got hit as well, so I suppose they could also file a claim with their insurance against themselves to recover their own damages.

    God, I hope they don't read that - they could find a whole new way to get insane profits from their software.


