Holding Developers Liable For Bugs
sebFlyte writes "According to a ZDNet report, Howard Schmidt, ex-White House cybersecurity advisor, thinks that developers should be held personally liable for security flaws in code they write. He doesn't seem to think that writing poor code is entirely the fault of coders though: he blames the education system. He was speaking in his capacity as CEO of a security consulting firm at Secure London 2005."
About this little thing called "the mosquito" which we received as part of Earth v1.0....
I didn't catch the ex- part the first look and thought "whaaaat?" as I know the current White House occupation force is very Microsoft Friendly and would never endorse such sentiments.
A feeling of having made the same mistake before: Deja Foobar
He doesn't seem to think that writing poor code is entirely the fault of coders though: he blames the education system.
You know, I don't think it's entirely his fault that he's an idiot: I blame the education system.
No one is responsible for security flaws in software products. It says so in the EULA.
You're leaving out the lower levels. I take it CMM-1 is the level where if the software suddenly causes monkeys to fly out of the butt of the user, that it is perfectly within the specification?
ah - but if you lose the court case, then it's actually the lawyer's fault so he gets to pay the damages....
sounds good to me!
Whatever happened to holding the people who exploit vulnerabilities responsible?
That's crazy talk! What are you thinking, man? Next you'll suggest that when I walk down the street with my entire head completely exposed and vulnerable, that somehow the mugger that hits me over the head with a baseball bat may somehow be responsible for the outcome! See how crazy you are?
Or, when I lock my door and leave my house for the day, and a guy comes along with a sledgehammer and just breaks in anyway - I suppose you think that the person with the sledgehammer is somehow responsible for that? Totally twisted, man.
Don't disappoint your bird dog. Go to the range.
My solution is, at the end of a politician's term hold an election where the only two options are:
- grant him another term
- send him to prison
Maybe that would help guide their behavior. OTOH, shouldn't the voters who put a bad man in office go to prison for it?
Sheesh, evil *and* a jerk. -- Jade
Obligatory Simpsons quote:
Lionel Hutz
"Can you imagine a world without lawyers? (Then he imagines everybody holding hands, dancing together, and shudders)"
Ubuntu is an African word meaning 'I can't configure Debian'
Sure, let's sue the pants off anyone who does anything wrong. Let's make it impossible for anyone to create anything new or different. Cradle-to-grave protection, ensured by armies of well-intentioned and socially-responsible attorneys -- that's the sure way to economic success!
Better watch out, I have a patent pending on such a thing right now. Anybody with such a plan will have to license it from me!
So, heck yeah, cripple the IT economy, and make me stinking rich!
Life, the Universe, and Everything... in my image.
Nah, that requires too much effort. It is much easier to find someone whose name is tied to the code.
That'll teach those coders to put their names at the top of files.
Professor Karmadillo Songs of Science
In the Code of Hammurabi, 18th Century B.C.:
If a contractor builds a house for a man and does not build it strong enough, and the house which he builds collapses and causes the death of the house owner, then the contractor shall be put to death.
If it causes the death of the son of the owner, then the son of the contractor shall be put to death.
This is of particular interest to me as I contribute code to software used to design steel buildings. I would not want to see this code reapplied today to dwellings or programming.
Oh, say does that Star-Spangled Banner entwine / The myrtle of Venus with Bacchus's vine?
If only computer programmers were the ones that drafted laws..
I remember when legal used to mean lawful, now it means some kind of loophole. - Leo Kessler
Scary, but you just described my company's business process. I think it's even documented that way. ;p
These are my friends, See how they glisten. See this one shine, how he smiles in the light.