Slashdot Mirror

← Back to Stories (view on slashdot.org)

Holding Developers Liable For Bugs

Posted by CmdrTaco on from the you-gotta-be-kidding-me dept.

sebFlyte writes "According to a ZDNet report, Howard Schmidt, ex-White House cybersecurity advisor, thinks that developers should be held personally liable for security flaws in code they write. He doesn't seem to think that writing poor code is entirely the fault of coders though: he blames the education system. He was speaking in his capacity as CEO of a security consulting firm at Secure London 2005."

2 of 838 comments (clear)

  1. Sarbanes-Oxley by ihistand · · Score: 3, Informative

    I write financial reporting software for my company. Before anything is installed, even the most minor one-line bug fix, I have to sign a Sarbanes-Oxley statement of compliance. There are criminal consequences for not performing these steps properly. My QA person also has to sign this. My CIO is also held personally responsible, in that he/she could go to jail if something I wrote caused inaccurate financial reports to be released.

    I suspect many people who write software, like myself, are already personally responsible. And so we should.

  2. OT: Clinton did not lie under oath by brlewis · · Score: 5, Informative

    Under oath, Clinton was given a very specific definition of sexual relations, and according to that definition he didn't have sexual relations with Monica Lewinsky. Where he did lie was to turn around and say the same thing to the American people. We didn't give him any such specific definition, so he should speak our language.