ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Talkback

Post a comment


Story: Developers 'should be accountable' for security holes

  • Previous comment

Posted by: Rob Fielding (Thursday 13 October 2005, 12:57 AM)

  • Reply

You can hold developers responsible: How many Windows PCs did you buy after your first virus hit you? Why did you do that?

The accountability system IS there. I went out spent a lot of money to get a Mac, as the probability of getting hacked into (at least for the moment) is extremely low ..for whatever reason you favor to explain it.

Pretty Damn Secure code in Preddy Damn Secure operating systems exist (ex: OpenBSD, EROS, etc) but nobody is buying it, few are working on it for a number of reasons:

0) Drivers & Apps. Not enough people are using secure operating systems, so you will have a hard time getting all your hardware and apps working on it.

1) Consumers don't want to pay what it actually costs to get something. They buy stuff from WalMart, get a $300 PC and wonder why companies are outsourcing to cheap labor economies.

2) Hell, people not only don't want to pay what it costs. They want everything (save hardware?) for free.

3) People want things to be easy. But they don't want to deal with security systems that can lock them out of their systems, they can't remember passwords, and don't like stiff restrictions on the use of their own software.

It's an economic problem. When people pay a premium for security, and make the creation of insecure code unprofitable you will see the problem stop. But hey, you are being outvoted by a hundred to one. If most of Microsoft's user base refused to buy/upgrade Windows until the problems were demonstrably solved, then Microsoft would surely fix the problem.

There are some indications that they have been under so much pressure over security that this starting to happen (yay!). But please, we don't need a CLEAN CODE MINISTRY.

  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

Story: Developers 'should be accountable' for security holes

  1. If you are writing programs for a specific OS then... oldator
  2. Howard Schmidt sounds like yet another egghea... Bruce Allen
  3. Schmidt seems to be suggesting that the... jim bob
  4. Some of you guys are amazing. It's... Big Al
  5. Hmmm.. certainly got everyone... Stevie
  6. BUNK! Absolute bunk! Unless Schmidt acknowledges... Floyd May
  7. Brilliant...This is the fastest way I can thi... Stan Fisher
  8. This is nonsense. The company should be liable for... Anonymous
  9. Is an auto designer personnally liable for a... Glenn Branch
  10. Dammit! I'm so fscking SICK of these people who tr... Anonymous
  11. agree with software application security - th... Bill Dobson
  12. Bill - Let me guess... the additional pr... Coleman
  13. You can hold developers responsible... Rob Fielding
  14. Customers want developers to write software that d... Anonymous
  15. In most cases, the developer does not own the... Anonymous
  16. Developers don't make the decisions as to what is... Anonymous
  17. As a software developer my manager gives me a... Tom Jones
  18. I am sure he writes code every day!! Here is anoth... Anonymous
  19. This won't work for several reasons: ** Since most... Anonymous
  20. Software is extremely complex and will always be c... Jose Sandoval
  21. Consumers should be (and ultimately are, through l... Nathan Tenney
  22. If we take this to its logical conclusion we have... Anonymous
  23. Well this will certainly have the effect of gettin... Lawrence Foard
  24. CMM doesn't represent how good your developers are... Anonymous
  25. WHAT CONSTITUTES A SECURITY HOLE? WHAT ABOUT MISU... Dave Monk
  26. I'd love the time to make all my code completely s... Anonymous
  27. There are huge problems with this idea: a) develop... Ian Woollard
  28. Training is just one of the variables in this equa... Anonymous
  29. This is a clearly a bureaucrat tooting his own hor... Coleman
  30. Kiss my donkey Mr. Schmidt!! I wouldn't accept suc... Anonymous
  31. Not to speak lowly of a mans education, but Mr. Sc... Anonymous
  32. Has this person ever worked in a 'real world' prog... Anonymous
  33. Mr. Schmidt is gone senile Software products will... aspen
  34. Should a developer be held accountable for a secur... Anonymous
  35. Here's why Schmidt is an idiot. Individual develop... John Boe
  36. This is pure insanity and a perfect example of a p... Anonymous
  37. Mr. Howard Schmidt has no clue about software deve... Anonymous
  38. Let me guess... BUSH White House advisor. The arti... John Boe
  39. another idiot suit who got his job through cr... Anonymous
  40. Sounds like a great idea to me... What about other... Anonymous
  41. Bad idea. Here's why: 1) Developers generally tak... Joe Cochran
  42. If this guys is an "expert" I'm a pink flying elep... Brendan
  43. Mr Espiner, Thank you for publishing this article... Anonymous
  44. I love this idea! You see, I own and manage a soft... Anonymous
  45. just as soon as ass-hat politicians and televangel... who cares
  46. If Developers should be liable for security holes... Anonymous
  47. It's freaking' time... the difference between free... T2k
  48. I love the idea. But if I wonder if any employer... Twan
  49. If the developer is legally liable for his own cod... Bill Hauck
  50. This is a standard business tatic...the compa... Charles H Martin, PhD
  51. Poor Howard embarasses himself with this one. Anonymous
  52. CEO's should be liable for company failures. The... Bernard Deuce
  53. Howard Schmidt obviously has no understanding of h... Anonymous
  54. Step up to plate Developers - don't just hide... Ben Williams
  55. Great idea if .... - You want to ensure that all s... Anonymous
  56. Schmidt almost certainly doesn't know what he's ta... Rex Page
  57. So going by Mr. Schmidt's logic, if tomorrow there... Rajesh Sharma
  58. Seeing that lawyers have squeezed every drop of li... Anonymous
  59. Ex-White House huh? Let me guess -- Bush crony?... Anonymous
  60. Anyone who works in software security (and has a c... Anonymous
  61. As a professional software engineer, I strongly di... Andrew Rondeau
  62. He is a cowboy. Security is moving target dumber.... Anonymous
  63. Mr. Schmidt is obviously a fool. But if he is will... Sam
  64. There is a total disconnect with reality! Quality... Franz
  65. Howard Schmidt is so naive about the subject of so... Rob C
  66. Somebody has to stand up and say these things... Rob Lewis
  67. I agree that software companies should try to make... Anonymous
  68. How about to include any type of bug into company'... marius herghelegiu
  69. The problem is that customers and employers don't... Anonymous
  70. Mr. Schmidth seems to have found a way to quickly... Arthur B.
  71. So, according to his theory, if someone hot-wires... Anonymous
  72. Schmidt is unskiled and unaware of it. His inflate... Kathleen Fasanella
  73. So, I assume he also wants to hold assembly line w... Anonymous
  74. Another management guy pushing responsibility down... Anonymous
  75. Does he believe that developers have the ultimate... Anonymous
  76. As much as I'd like to be accountable, the level o... Anonymous
  77. [rant type="trolling back at the article's antagon... Anonymous

Back to: Developers 'should be accountable' for security holes