Story: Vendors, not developers, to blame for poor code
Indeed, liability should be introduced at the level where the most positive difference can be made.
Since the brass usually doesn't take orders from lower-staffed personnel, like developers, it's clear where responsibility (e.g. liability) should be placed if you want things to change.
That said, just introducing liability for computer security related problems at only the IT vendor level isn't enough. There are more organizations involved in the process that leads to implemented, poorly secure(d) software at customer sites. Examples would be IT Solutions Providers, IT System Houses, outsourcing companies, etc.
If we want to introduce liability for poorly secure(d) software, then we need to take into account all the factors. We can't have years-long court battles involving a vendor claiming that their software is secure as long as you implement and maintain it correctly, while the implementor and maintainer tell a different story and the customer is sitting in the middle getting nowhere fast.
In short: when pointing fingers of blame, make sure beforehand that there are no grey areas for anyone to hide in. That means covering all the bases.
Point to keep in mind: there should be a balance between what some external IT company can be held liable for and the amount of revenue achieved from the customer in question.