Slashdot Mirror


Should Auditors Be Liable For Certifications?

dasButcher writes "Enterprises and mid-size businesses rely on auditors and service providers to certify their systems as compliant with such security regs and standards as PCI-DSS or SOX. But, as Larry Walsh speculates, a lawsuit filed by a bank against an auditor/managed service provider could change that. The bank wants to hold the auditor liable for a breach at its credit card processor because the auditor certified the processor as PCI compliant. If the bank wins, it could change the standards and liabilities of auditors and service providers in the delivery of security services."

3 of 209 comments

  1. What about the Dufus? by siloko · Score: 4, Funny

    Well much as I like people to be held responsible for the quality of their work I think it is a bit much to expect technology certification experts to be held responsible for the dufus who puts his username and password on a PostIt stuck to his monitor . . .

  2. Not a problem by Anonymous Coward · Score: 1, Funny

    IANAL, but as far as I recall there is the SCOTUS decision in Smoremberg vs. Entertaining Dance Clothing Corp. where the widow of a man sued a textile corporation because her husband accidentally strangulated himself with the power cord of a power drill by slipping from a ladder while repairing the roof of his garage and wearing pink ballet shoes and a pink tutu.
    The lawyers of the widow argued that the shoes were certified as "safe", but the company argued that this only referred to normal ballet dancing and not home repairs with power tools.

    The very same argument could be applied here.

  3. Re:Oh, this sounds like a good idea... by JumpDrive · Score: 3, Funny

    Are developers held responsible for the quality of their products? Yes, Microsoft developers are held responsible for the quality of their products, can't you tell.