Security threats Toolkit
Story: Developers 'should be accountable' for security holes
Hmmm.. certainly got everyone fired up hasn't it!
Free market economics will always tempt companies to cut corners to save costs. Shareholders'/investors' expectations of their board, their expectations of middle management, and so on down the line to the customer's expectation for cheap-as-possible hardware/software.
However, there are companies out there that do a good job. Apple with the iPod? Premium price, for the best selling (by a mile) personal music player, which has impacted back big time on their profits. The success comes from the mentality at the top, do it right first time and market it really well, rather than worrying about being first to market. Of course they can't make this work with the computer model because of people's conditioning to "cheap computers/software".
If nobody wants accountability, then you can't moan about someone else's screw up either higher up or lower down the food chain, or at a different software company.
Result. More imperfection than would otherwise be necessary. Everyone should accept responsibility, with the caveat that there are always mitigating circumstances. (And that's where the lawyers earn their money!)
If programmers are pushed to do things they are unhappy with, get a job elsewhere with a company that does things better. When you leave tell the previous company why. Eventually that company will go out of business because all the decent programmers have left, leaving the company millstoned with the dross, writing buggy software, which clients will stop buying, or sue over. The investors will pull out. Darwinism in full effect.
Yes I know this is an ideal world situation, but if you all did it, companies would be forced to change. BUT, of course, the real reason is that people will stick where they are in exchange for moolah, even though they are not happy. Human nature.
One of the great possibilities of the internet is the fact that virtual communities can be built by like-minded people. So why aren't there lots of brilliant successful software companies writing great secure software, formed by morally obligated collaborators from around the world? Could it be human nature again? That's why the Larry Ellisons of this world exist, driving things with their ego, being alpha male at all times. If you sit on the margins bitchin', but don't do anything about it, you're not part of the solution. I refuse to work for people that abuse me intellectually or morally. I am, therefore, not very wealthy! You choose for yourselves.