ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Talkback

Post a comment


Story: Developers 'should be accountable' for security holes

  • Previous comment

Posted by: Andrew Rondeau (Thursday 13 October 2005, 4:12 AM)

  • Reply

As a professional software engineer, I strongly disagree with the stance that “Software developers should be held personally accountable for the security of the code they write”. My opinion is based on an engineering disaster that I studied when I was in college.

In 1986, the spaceship Challenger exploded, killing the astronauts that it carried. Upon investigation, it was found that the engineers who designed the faulty parts discovered the problem and notified management. The real fault for the Challenger disaster was miscommunication and an unwillingness to miss a launch date.

Negligent Software Developers are not the only cause of security holes. Inadequate testing, complicated development tools, lack of “proofreading” source code, poor user interfaces, and bad management also need to share the blame. For example, it is common in the software industry for management to set unrealistic development timelines, resulting in software is written quickly and shoddily.

With automobiles and baby strollers, the entire company is held liable for defects, not the engineers. Likewise, it is appropriate to hold software companies, not software developers, liable for security holes.

  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

Story: Developers 'should be accountable' for security holes

  1. If you are writing programs for a specific OS then... oldator
  2. Howard Schmidt sounds like yet another egghea... Bruce Allen
  3. Schmidt seems to be suggesting that the... jim bob
  4. Some of you guys are amazing. It's... Big Al
  5. Hmmm.. certainly got everyone... Stevie
  6. BUNK! Absolute bunk! Unless Schmidt acknowledges... Floyd May
  7. Brilliant...This is the fastest way I can thi... Stan Fisher
  8. This is nonsense. The company should be liable for... Anonymous
  9. Is an auto designer personnally liable for a... Glenn Branch
  10. Dammit! I'm so fscking SICK of these people who tr... Anonymous
  11. agree with software application security - th... Bill Dobson
  12. Bill - Let me guess... the additional pr... Coleman
  13. You can hold developers responsible... Rob Fielding
  14. Customers want developers to write software that d... Anonymous
  15. In most cases, the developer does not own the... Anonymous
  16. Developers don't make the decisions as to what is... Anonymous
  17. As a software developer my manager gives me a... Tom Jones
  18. I am sure he writes code every day!! Here is anoth... Anonymous
  19. This won't work for several reasons: ** Since most... Anonymous
  20. Software is extremely complex and will always be c... Jose Sandoval
  21. Consumers should be (and ultimately are, through l... Nathan Tenney
  22. If we take this to its logical conclusion we have... Anonymous
  23. Well this will certainly have the effect of gettin... Lawrence Foard
  24. CMM doesn't represent how good your developers are... Anonymous
  25. WHAT CONSTITUTES A SECURITY HOLE? WHAT ABOUT MISU... Dave Monk
  26. I'd love the time to make all my code completely s... Anonymous
  27. There are huge problems with this idea: a) develop... Ian Woollard
  28. Training is just one of the variables in this equa... Anonymous
  29. This is a clearly a bureaucrat tooting his own hor... Coleman
  30. Kiss my donkey Mr. Schmidt!! I wouldn't accept suc... Anonymous
  31. Not to speak lowly of a mans education, but Mr. Sc... Anonymous
  32. Has this person ever worked in a 'real world' prog... Anonymous
  33. Mr. Schmidt is gone senile Software products will... aspen
  34. Should a developer be held accountable for a secur... Anonymous
  35. Here's why Schmidt is an idiot. Individual develop... John Boe
  36. This is pure insanity and a perfect example of a p... Anonymous
  37. Mr. Howard Schmidt has no clue about software deve... Anonymous
  38. Let me guess... BUSH White House advisor. The arti... John Boe
  39. another idiot suit who got his job through cr... Anonymous
  40. Sounds like a great idea to me... What about other... Anonymous
  41. Bad idea. Here's why: 1) Developers generally tak... Joe Cochran
  42. If this guys is an "expert" I'm a pink flying elep... Brendan
  43. Mr Espiner, Thank you for publishing this article... Anonymous
  44. I love this idea! You see, I own and manage a soft... Anonymous
  45. just as soon as ass-hat politicians and televangel... who cares
  46. If Developers should be liable for security holes... Anonymous
  47. It's freaking' time... the difference between free... T2k
  48. I love the idea. But if I wonder if any employer... Twan
  49. If the developer is legally liable for his own cod... Bill Hauck
  50. This is a standard business tatic...the compa... Charles H Martin, PhD
  51. Poor Howard embarasses himself with this one. Anonymous
  52. CEO's should be liable for company failures. The... Bernard Deuce
  53. Howard Schmidt obviously has no understanding of h... Anonymous
  54. Step up to plate Developers - don't just hide... Ben Williams
  55. Great idea if .... - You want to ensure that all s... Anonymous
  56. Schmidt almost certainly doesn't know what he's ta... Rex Page
  57. So going by Mr. Schmidt's logic, if tomorrow there... Rajesh Sharma
  58. Seeing that lawyers have squeezed every drop of li... Anonymous
  59. Ex-White House huh? Let me guess -- Bush crony?... Anonymous
  60. Anyone who works in software security (and has a c... Anonymous
  61. As a professional software engineer, I strongly di... Andrew Rondeau
  62. He is a cowboy. Security is moving target dumber.... Anonymous
  63. Mr. Schmidt is obviously a fool. But if he is will... Sam
  64. There is a total disconnect with reality! Quality... Franz
  65. Howard Schmidt is so naive about the subject of so... Rob C
  66. Somebody has to stand up and say these things... Rob Lewis
  67. I agree that software companies should try to make... Anonymous
  68. How about to include any type of bug into company'... marius herghelegiu
  69. The problem is that customers and employers don't... Anonymous
  70. Mr. Schmidth seems to have found a way to quickly... Arthur B.
  71. So, according to his theory, if someone hot-wires... Anonymous
  72. Schmidt is unskiled and unaware of it. His inflate... Kathleen Fasanella
  73. So, I assume he also wants to hold assembly line w... Anonymous
  74. Another management guy pushing responsibility down... Anonymous
  75. Does he believe that developers have the ultimate... Anonymous
  76. As much as I'd like to be accountable, the level o... Anonymous
  77. [rant type="trolling back at the article's antagon... Anonymous

Back to: Developers 'should be accountable' for security holes