Insecure Code - Vendors or Developers To Blame?
Annto Dev writes "Computer security expert Bruce Schneier feels that vendors are to blame for 'lousy software'. From the article: 'They try to balance the costs of more-secure software--extra developers, fewer features, longer time to market--against the costs of insecure software: expense to patch, occasional bad press, potential loss of sales. The end result is that insecure software is common...' he said. Last week Howard Schmidt, the former White House cybersecurity adviser, argued at a seminar in London that programmers should be held responsible for flaws in code they write."
The Code of Hammurabi has one of the oldest product liability clauses in history: If a building collapses and kills people, the builder shall be stoned to death. One could make the punishment fit the crime in that way: The bug revealed your email address to spammers; force the programmer into reading spam all day....and MAKE him reply to all the unsubscribe links ;)
- Minutus cantorum, minutus balorum, minutus carborata descendum pantorum.