Story: Developers 'should be accountable' for security holes
Posted by: Anonymous (Wednesday 12 October 2005, 4:30 PM)
If we take this to its logical conclusion we have two scenarios:
1. There are no more developers except those that have signed contracts with their target audience, which limit damages and responsibility.
2. Software development slows to a crawl and most projects are scraped. It is almost impossible to secure a piece of software from seurity breaches. Case in point: sendmail. This program has been around since the early seventies. It was written and rewritten many times. It still has problems with security to this day. Its not that its authors are bad programers but that security is a very difficult thing to nail down.
The only way this gets any better is to have well written and documented requirements for each and every project out there. This has historically not been the case.
Full Talkback thread
Story: Developers 'should be accountable' for security holes
-
If you are writing programs for a specific OS then... oldator -
Howard Schmidt sounds like yet another egghea... Bruce Allen -
Schmidt seems to be suggesting that the... jim bob -
Some of you guys are amazing.
It's... Big Al
-
Hmmm.. certainly got everyone... Stevie
-
BUNK! Absolute bunk! Unless Schmidt acknowledges... Floyd May
-
Brilliant...This is the fastest way I can thi... Stan Fisher
-
This is nonsense. The company should be liable for... Anonymous
-
Is an auto designer personnally liable for a... Glenn Branch
-
Dammit!
I'm so fscking SICK of these people who tr... Anonymous
-
agree with software application security - th... Bill Dobson
-
Bill - Let me guess... the additional pr... Coleman
-
You can hold developers responsible... Rob Fielding
-
Customers want developers to write software that d... Anonymous
-
In most cases, the developer does not own the... Anonymous
-
Developers don't make the decisions as to what is... Anonymous
-
As a software developer my manager gives me a... Tom Jones
-
I am sure he writes code every day!! Here is anoth... Anonymous
-
This won't work for several reasons:
** Since most... Anonymous
-
Software is extremely complex and will always be c... Jose Sandoval
-
Consumers should be (and ultimately are, through l... Nathan Tenney
-
If we take this to its logical conclusion we have... Anonymous -
Well this will certainly have the effect of gettin... Lawrence Foard
-
CMM doesn't represent how good your developers are... Anonymous
-
WHAT CONSTITUTES A SECURITY HOLE? WHAT ABOUT MISU... Dave Monk
-
I'd love the time to make all my code completely s... Anonymous
-
There are huge problems with this idea:
a) develop... Ian Woollard
-
Training is just one of the variables in this equa... Anonymous
-
This is a clearly a bureaucrat tooting his own hor... Coleman
-
Kiss my donkey Mr. Schmidt!! I wouldn't accept suc... Anonymous
-
Not to speak lowly of a mans education, but Mr. Sc... Anonymous
-
Has this person ever worked in a 'real world' prog... Anonymous
-
Mr. Schmidt is gone senile
Software products will... aspen
-
Should a developer be held accountable for a secur... Anonymous
-
Here's why Schmidt is an idiot.
Individual develop... John Boe
-
This is pure insanity and a perfect example of a p... Anonymous
-
Mr. Howard Schmidt has no clue about software deve... Anonymous
-
Let me guess... BUSH White House advisor.
The arti... John Boe
-
another idiot suit who got his job through cr... Anonymous
-
Sounds like a great idea to me... What about other... Anonymous
-
Bad idea. Here's why:
1) Developers generally tak... Joe Cochran
-
If this guys is an "expert" I'm a pink flying elep... Brendan
-
Mr Espiner,
Thank you for publishing this article... Anonymous
-
I love this idea!
You see, I own and manage a soft... Anonymous
-
just as soon as ass-hat politicians and televangel... who cares
-
If Developers should be liable for security holes... Anonymous
-
It's freaking' time... the difference between free... T2k
-
I love the idea. But if I wonder if any employer... Twan
-
If the developer is legally liable for his own cod... Bill Hauck
-
This is a standard business tatic...the compa... Charles H Martin, PhD
-
Poor Howard embarasses himself with this one. Anonymous
-
CEO's should be liable for company failures. The... Bernard Deuce
-
Howard Schmidt obviously has no understanding of h... Anonymous
-
Step up to plate Developers - don't just hide... Ben Williams
-
Great idea if ....
- You want to ensure that all s... Anonymous
-
Schmidt almost certainly doesn't know what he's ta... Rex Page
-
So going by Mr. Schmidt's logic, if tomorrow there... Rajesh Sharma
-
Seeing that lawyers have squeezed every drop of li... Anonymous
-
Ex-White House huh? Let me guess -- Bush crony?... Anonymous
-
Anyone who works in software security (and has a c... Anonymous
-
As a professional software engineer, I strongly di... Andrew Rondeau
-
He is a cowboy.
Security is moving target dumber.... Anonymous
-
Mr. Schmidt is obviously a fool. But if he is will... Sam
-
There is a total disconnect with reality!
Quality... Franz
-
Howard Schmidt is so naive about the subject of so... Rob C
-
Somebody has to stand up and say these things... Rob Lewis
-
I agree that software companies should try to make... Anonymous
-
How about to include any type of bug into company'... marius herghelegiu
-
The problem is that customers and employers don't... Anonymous
-
Mr. Schmidth seems to have found a way to quickly... Arthur B.
-
So, according to his theory, if someone hot-wires... Anonymous
-
Schmidt is unskiled and unaware of it. His inflate... Kathleen Fasanella
-
So, I assume he also wants to hold assembly line w... Anonymous
-
Another management guy pushing responsibility down... Anonymous
-
Does he believe that developers have the ultimate... Anonymous
-
As much as I'd like to be accountable, the level o... Anonymous
-
[rant type="trolling back at the article's antagon... Anonymous
Back to: Developers 'should be accountable' for security holes
