Software developers to be held accountable for insecure software

Interesting news item on the PC Pro News website: Lords want sloppy software makers held to account.

The House of Lords Science and Technology Committee is renewing calls for software developers to be held legally liable for security flaws.

Nice to see that software security is being taken seriously. Once they’ve nailed this, could the Lords do something about spam next, please?

Published by

Gareth Saunders


5 thoughts on “Software developers to be held accountable for insecure software”

  1. Really? I think it’s an incredibly BAD idea for open-source developers. It would be more to the point if *consultants* were liable, to ensure they tested their proposed solutions.

  2. Obviously, it needs to be thought through carefully and responsibly, but on the whole I feel that it’s a good thing that those who write the rules are taking an interest in computer security, that they are taking it seriously; particularly since so much of our everyday lives are now dependent on software … and this on a day when another news story breaks about lost data.

    As I understand it, the second draft of the Web accessibility guidelines (WCAG 2.0) takes into account the context and environment that a particular site is being launched into. So, for example, an intranet site for a small company used by a handful of fully-abled individuals doesn’t need to fulfil the same accessibility criteria as the government’s public website. Perhaps something similar should be implemented with regard to software.

    But on the whole, if it encourages folks (open-source or commercial) to ensure to their best ability that their software is secure: great!

  3. I don’t see how legal responsibility will encourage the individual developer to continue their work. The risk of litigation over a small screwup would inevitably drive development efforts to those who can afford it, rather than those who have the brains to do it.

  4. I think in cases like this the Lords need security advisors and software experts on a panel. Software flaws are being reported all the time for programs and sites; there’s no way the developers should be held accountable for it all.

    What about security flaws in WordPress, Movable Type or Joomla that make a site penetrable? Should we hold all the developers accountable? Bit ridiculous if you ask me. Or apps like Firefox, where events like Hack a Box make use of flaws? Good job with that one!

  5. Still … makes for a good debate, huh!

    “I don’t see how legal responsibility will encourage the individual developer to continue their work.”

    But other occupations have to abide by legal guidelines, e.g. plumbers, builders, architects, car manufacturers, electrical goods manufacturers … even clergy! Are software developers any different?

    Like I said, it needs to be thought through properly, with the right kind of guidelines. And anyway, all I said was

    “Nice to see that software security is being taken seriously.”

    I wasn’t advocating the imprisonment of all slightly sloppy software developers.
