Slashdot Mirror


Who Is Liable For Software With Security Holes?

securitas writes "Interesting article over at eWEEK that asks who is and should be legally responsible for insecure software. Some say it's the manufacturer. Currently software is exempt from product liability as we've come to know it in the physical world. Others say the software licenses should make users responsible if they don't install patches and updates. Infosecurity czar Richard Clarke said in his speech at RSA that Nimda cost US companies an estimated $2 billion. Imagine if Microsoft was legally liable and a $2 billion suit was filed. Now extend that to the other jurisdictions outside the US. What does this mean to open source software, which is being used to a greater extent in corporate environments? Food for thought."

7 of 439 comments

  1. Make the manufacturer responsible? by wdr1 · Score: 2, Funny

    What does this mean to open source software...

    buh bye sendmail!

    -Bill

    --
    SlashSig Karma: Excellent (mostly affected by moderatio
  2. Gupta reads Slashdot by mESSDan · Score: 4, Funny
    Classic quote at the very end of the article:
    "I hate to even speculate on this stuff," Gupta said. "I'm not a lawyer."
    (IANAL). Funny. Hell, we could have gotten an expert opinion worthy of that article just by one of our regular Slashdot users.
    --

    -- Dan
    1. Re:Gupta reads Slashdot by Anonymous Coward · Score: 2, Funny

      Or JonKatz. It would go something like this:

      Who is liable for defective software? This is a question that has plagued many in its time. I intend on answering it. What we must do is write perfect software. Then there won't be defective software. But then, what if there is buggy software? Huh? Whatcha gonna do about it? Then you gotta sue. But it shouldn't involve legal action. It should be solved out of court but they should be legally liable. This question has plagued many people in its time but I have solved it.

  3. The choices are obvious... by Fizzlewhiff · Score: 5, Funny

    who is and should be legally responsible for insecure software?

    A. The Author/Publisher
    B. The User
    C. CowboyNeal

    --

    'Same speed C but faster'
  4. Me. by Anonymous Coward · Score: 2, Funny

    It's all about me, I did it all. Blame me. Go ahead.

    Thanks,
    Al Gore

  5. Rod Serling Would Say... by guttentag · Score: 5, Funny

    It's shameful, the way we try to pin the crimes of computers on people. A man buys a computer, the computer hacks into the Federal Reserve and he goes to jail. Another man writes an operating system, a computer using that operating system smurfs AT&T but he goes to jail. The computers remain free to strike again... when will society hold computers accountable for their actions? When will we stop persecuting man for the crimes of his possessions? Perhaps some day... in the Twilight Zone. (insert cheesy dramatic music followed by annoying roll-credits music)

  6. Re:Did I read that right? by Colin Bayer · Score: 2, Funny

    Well what are the other 30%, then?!?!?

    Hehe... I know this is a joke, but...

    The other 30% are misconfigurations, incompatibilities, bugs in hardware, intentional backdoors (think Quake), misuse of interfaces designed specifically for interacting with other pieces of software (Windoze and BackOrifice or any of the semi-infinite number of Outlook e-mail worms, f'rinstance), cosmic rays, the Illuminati... pretty much everything under the sun except for bad coding on the part of the compromised program's author(s).

    --
    Want Linux games? HERE.