Who Is Liable For Software With Security Holes?

securitas writes "Interesting article over at eWEEK that asks who is and should be legally responsible for insecure software. Some say it's the manufacturer. Currently software is exempt from product liability as we've come to know it in the physical world. Others say the software licenses should make users responsible if they don't install patches and updates. Infosecurity czar Richard Clarke said in his speech at RSA that Nimda cost US companies an estimated $2 billion. Imagine if Microsoft was legally liable and a $2 billion suit was filed. Now extend that to the other jurisdictions outside the US. What does this mean to open source software, which is being used to a greater extent in corporate environments? Food for thought."

Gupta reads Slashdot

[mESSDan]

Classic quote at the very end of the article:

"I hate to even speculate on this stuff," Gupta said. "I'm not a lawyer."

(IANAL). Funny. Hell, we could have gotten an expert opinion worthy of that article just by one of our regular Slashdot users.

The choices are obvious...

[Fizzlewhiff]

who is and should be legally responsible for insecure software?

A. The Author/Publisher
B. The User
C. CowboyNeil

Rod Serling Would Say...

[guttentag]

Its shameful, the way we try to pin the crimes of computers on people. A man buys a computer, the computer hacks into the Federal Reserve and and he goes to jail. Another man writes an operating system, a computer using that operating system smurfs AT&T but he goes to jail. The computers remain free to strike again... when will society hold computers accountable for their actions? When will we stop persecuting man for the crimes of his possessions? Perhaps some day... in the Twilight Zone. (insert cheesy dramatic music followed by annoying roll-credits music)