Also the hydro company that provides the electricity used to perform the theft shouldn't get away so easily!
modified 20-Oct-19 21:02pm.
|
If the developer has to be held liable for security holes, it should be mentioned explicitly in the contract and he can let another company do a security audit that he in turn can be held liable if it fails to find a security hole, etc...
It's all possible, but it will cost a lot of money out of the customer's pocket, otherwise it would never be commercially viable.
If it should be default by law, small and medium businesses would have no chance of ever being able to afford online innovation and it would kill the industry.
So, no, bad idea...
Giraffes are not real.
|
Ah, an academic spouting forth from a position of ignorance. My response is based on UK requirements - both because my company is based in the UK, and because he is as well. Here companies that provide know-how or skills are required to have Professional Indemnity Insurance in place to cover them precisely for situations like this. In other words, companies already have this covered.
One other point - how is he planning on applying this to offshore work?
|
Pete O'Hanlon wrote: how is he planning on applying this to offshore work?
That's an excellent question! Laws and regulations etc. are globally alike, aren't they?
|
Pete O'Hanlon wrote: an academic spouting forth from a position of ignorance
Cambridge for crying out loud too!
Granted, most of my work these days is academic in the form of being an adjunct faculty member, I still do enough development work with the real world to be able to share the experiences with my students, and I hope they learn something from it so there can be plenty of good quality developers out there when they finish school.
"Any sort of work in VB6 is bound to provide several WTF moments." - Christian Graus
|
IMHO, ours is an industry that relies almost solely on self-policing and operates with abandon. It's only when companies are able to be held financially liable for the negative consequences of malfunctioning (i.e. buggy) software that we'll see management giving software quality its true due. Today, most software development is driven by time to market issues. Being first seems (a lot) more important than operating correctly.
/ravi
|
Yea ok, from now on I'll just turn down all job offers for software that does something important.
|
Hmmmmm.... I have heard that debate before, and some of the things I found were like " (What)? were you thinking?"
There doesn't seem to be too much sense in this argument either. As always, there will be loopholes, and this particular debate is a complete minefield. Upon thinking, most (if not all) security-related arguments and debates are minefields. And open-source developers would be hit quite hard, unless the exemption mentioned in the article was put in place.
And yes, I agree that this would kill the industry.
Me "Just because you are an academic doesn't mean you are smart. Or have common sense. Or actually make sense."
I think computer viruses should count as life. I think it says something about human nature that the only form of life we have created so far is purely destructive. We've created life in our own image.
Stephen Hawking
|
It should be looked at from a case by case approach. If the developer has been told to implement security and they do not, then yes. If not, the blame needs to fall on other shoulders.
"Any sort of work in VB6 is bound to provide several WTF moments." - Christian Graus
|
Is that like suing lock makers who don't make locks 'lock pick proof' resulting in your house being robbed?
|
That's a good idea. Some time ago we had a burglary in the neighborhood. They didn't use the door but the window. Now, when thinking of this, perhaps the glass company should've been sued.
|
There should be some liability for software companies, but it should be limited and subject to an investigation and jury trial. I don't think hackers are preventable in every case and who is really responsible for the security failure may not be clear. For instance, if a software company used .Net and there is a security issue, it could take an active investigation to find out whether the software company or Microsoft caused the security failure. I also think there should be limited liability for freelance developers because otherwise it makes being freelance very difficult and almost impossible, thus killing many small or startup businesses. Developers working for a company should have some liability depending on their position and the nature of the breach, and again any criminal prosecution should require a jury trial. I do think that some software and institutions should be held to a higher standard and the nature of the breach is important. Banks should be 100% liable for any hacker emptying any bank account and if they want to sue a software vendor for lack of security, that should be allowed but subject to a trial. Security is a complicated issue and breaches must be addressed on a case by case basis. Software companies need to be held accountable, but the businesses that use the software and even the customer are responsible for security too. Consumers and non-IT people should be taught that security is their problem too. Most breaches are inside jobs by employees that have access to passwords or caused by consumers failing to protect themselves. Even in the case of the bank account, the consumer could be responsible for the breach because they allowed their computer to be infected by a virus. It should never be assumed that computer security is only the coder's job and responsibility! Finally, please keep in mind that sloppy coding is almost always, in my personal experience, the result of management not giving enough time or resources to do the project right!
|
Mika Wendelius wrote:
argues a Cambridge academic.
Well if that's the case then professors should be held liable for failure to properly train students in secure coding practices...
Common sense is admitting there is cause and effect and that you can exert some control over what you understand.
|
I doubt it's ever been the most popular. Most installed yes, popular... no.
|
Pete O'Hanlon wrote: I doubt it's ever been the most popular. Most installed yes, popular... no.
People vote with their wallet. Even Vista is more popular than the combined desktop-systems from Apple - and that's saying something.
Bastard Programmer from Hell
if you can't read my code, try converting it here
|
Eddy Vluggen wrote: Even Vista is more popular than the combined desktop-systems from Apple
IMHO, that's because there are more Intel PCs sold than Macs, and not because Vista is more popular than OSX.
/ravi
|
Ravi Bhavnani wrote: IMHO, that's because there are more Intel PCs sold than Macs, and not because Vista is more popular than OSX.
Not so fast buddy;
There are more x86-based machines with Vista sold than there are hardware-machines with OSX. Meaning that even Vista on an x86 apparently offers a better alternative. (Even compared with a free competing OS on the x86 hardware)
|
Is it possible to buy a generic x86 box and install OSX on it or will Apple only sell you the OS along with its hardware?
/ravi
|
Apple tries to make it so you can't install it on any machine (including VMs), but some people have managed to get around that.
|
That's what I thought. Which is why I don't think one can surmise that consumers prefer Vista to OSX. They're apples and oranges - or Apples and PCs.
/ravi
|
I don't think it is different for the majority of consumers though - most people buy their hardware and OS as a bundle, and it's not like you can buy a Mac with the option to have it running Windows either. Of course, you couldn't really include people who build their own machine in a fair comparison (like myself) because OSX isn't realistically an option for them.