Saturday, 22 October 2005

Insecure Code - Vendors or Developers To Blame?


Kettle = black;
(Score:5, Insightful)
by LaughingCoder (914424) on Friday October 21, @11:49AM (#13845534)
"the former White House cybersecurity adviser, argued at a seminar in London that programmers should be held responsible for flaws in code they write."

OK. And to make it fair, let's let lawmakers be responsible for all the unintended consequences their legislation brings about.
--
If you're not the lead dog, the view never changes.
========

Secure code will never happen
(Score:5, Insightful)
by digidave (259925) on Friday October 21, @11:55AM (#13845585)
(http://www.701.com/ | Last Journal: Wednesday January 08, @09:57PM)
I'm sick and tired of hearing talk about holding vendors or developers legally responsible for writing insecure code. It's impossible to write any complex application and not have security problems.

The software industry operates more like the automobile industry: they know their cars will have problems, so they freely fix those problems for the warranty period. Software's warranty period is as long as the vendor or developer says they'll support that software.

The major difference is with closed source software, after the "warranty" period is up you can't usually pay someone to fix the problems. Open source provides a great car analogy, because after, say, Red Hat stops supporting your OS you can still fix it yourself or hire a developer to fix it for you.

This is why nobody would buy a car with the hood welded shut. For the life of me I can't figure out why anybody would buy software with the "hood" welded shut.
--

The global economy is a great thing until you feel it locally.

==========

The real article by Bruce Schneier is in Wired:

http://www.wired.com/news/privacy/0,1848,69247,00.html [wired.com]

It's more interesting than the sound-bite-full ZD-Net summary.
