Slashdot Mirror


Who Is Liable For Software With Security Holes?

securitas writes "Interesting article over at eWEEK that asks who is and should be legally responsible for insecure software. Some say it's the manufacturer. Currently software is exempt from product liability as we've come to know it in the physical world. Others say the software licenses should make users responsible if they don't install patches and updates. Infosecurity czar Richard Clarke said in his speech at RSA that Nimda cost US companies an estimated $2 billion. Imagine if Microsoft was legally liable and a $2 billion suit was filed. Now extend that to the other jurisdictions outside the US. What does this mean to open source software, which is being used to a greater extent in corporate environments? Food for thought."

2 of 439 comments

  1. It's quite Obvious by phunhippy · Score: 1, Redundant

    Correct answer is: Cowboy Neal!

  2. Re:Two sides to every coin by MarkLR · Score: 0, Redundant

    No, you are entering a contract, you agree to free any source that you produce for publicly available programs from the source you download. If developers are responsible for the cost of bugs beyond that in the contract, the first big company to get hit by a Linux or Apache problem will sue.