Slashdot Mirror


Outlining a World Where Software Makers Are Liable For Flaws

CowboyRobot writes with this piece at the ACM Queue, in which "Poul-Henning Kamp makes the argument for software liability laws. 'We have to do something that actually works, as opposed to accepting a security circus in the form of virus or malware scanners and other mathematically proven insufficient and inefficient efforts. We are approaching the point where people and organizations are falling back to pen and paper for keeping important secrets, because they no longer trust their computers to keep them safe.'"

8 of 508 comments

  1. Sure by recoiledsnake · Score: 5, Insightful

    It will just cost 100x more, just like healthcare with the torts. Time to take out software developer insurance, similar to the healthcare insurance of approximately 1 million dollars a year paid by doctors these days.

    --
    This space for rent.
    1. Re:Sure by Anonymous Coward · Score: 4, Insightful

      It's very important we decimate the last industry the US has that's still mostly functional, profitable, and productive

    2. Re:Sure by mandelbr0t · Score: 4, Insightful

      Give me a fucking break. First I was hired as a hacker, then I was told that I no longer had the required credentials to work in software, and now you want to tell me the degree I've gotten is the wrong one? Go fuck yourself. I have no problem carrying liability insurance, but this shared delusion that only engineers can possibly write good code is merely an attempt to make software development an activity of the elite. And people wonder where groups like Anonymous and LulzSec come from.

      --
      "Please describe the scientific nature of the 'whammy'" - Agent Scully
    3. Re:Sure by slippyblade · Score: 4, Insightful

      am a programmer - and i would be willing to stand behind my code used in the environment for which it was intended..

      ROFL! Wow, you actually expect liability to be limited to the scope the product was INTENDED? That ranks up there with lawsuits against toys because little jimmy choked on a Lego brick or Peggy Sue shoved a jet fighter figure up her nose and shot the plastic missile into her sinus. There is no limit to the stupid and out of intended uses people will put things. There is NO SUCH THING AS IDIOT PROOF. The world keeps making better idiots. If this becomes law, at some point you WILL be sued. No ifs, ands, or buts about it.

    4. Re:Sure by Anonymous Coward · Score: 4, Insightful

      the fact that software for so long has gotten away with "good luck, thanks for the cash" mentality is kinda sad

      Genuinely critical software isn't usually handled like this.

      The whole premise is retarded. You want guarantees? Great, we already have a handy tool of commerce for that. They're called contracts. Just a heads-up... it's going to cost more.

    5. Re:Sure by dohnut · Score: 5, Insightful

      No, licensed engineers just cover their asses better.

      Or do you think the engineer should be held liable when someone parks a 30 ton vehicle on a bridge rated for 10 tons and the bridge fails? Well, then why should a software developer be held liable when the software asks you to enter your name and, instead, you feed it data which causes a buffer overrun which allows you to root the database server and steal everyone's credit card numbers? If you had just entered your name correctly that never would have happened. A clear case of misuse if I ever saw one.

      I think software developers should be liable, but the liabilities need to be defined first. And if someone hacks the software outside of the scope of the security standards and practices that have been set by the government, put in place correctly by the developer and verified by the assigned regulatory bodies, then there is no liability if something goes wrong.

      Meanwhile the cost and time required to develop software will skyrocket. If you need any evidence of that, just look at how much time and money it takes to build a bridge these days.

      --
      Stupider like a fox! - H.S.
    6. Re:Sure by Microlith · Score: 4, Insightful

      They already have the beginnings in place.

      It's called "patent indemnification," which they insist that vendors must have. Yes, effectively "patent violation insurance" to keep other companies off your back. Granted it's not entirely "liability insurance" but it's a step towards the state where you cannot develop software independently, but instead must be under the thumb of some larger corporation (or somehow have millions in insurance) to write and distribute software.

  2. People need to stop equating software to buildings by Derekloffin · Score: 5, Insightful

    You can overbuild a house, it generally makes it stronger. You over code a piece of software, it just adds to the number of possible points of failure. The two really aren't good analogies for each other. That doesn't even consider things like how maintenance of both is handled, interactions of hardware, varying setups, and just simple complexity.