Linked by Thom Holwerda on Thu 18th Jan 2007 23:42 UTC
Privacy, Security, Encryption

Alan Cox, one of the leading Linux kernel developers, has told a House of Lords hearing that neither open- nor closed-source developers should be liable for the security of the code they write. Cox, who is permanently employed at Red Hat, told the Lords Science and Technology Committee inquiry into personal internet security that both open- and closed-source software developers, including Microsoft, have an ethical duty to make their code as secure as possible. "Microsoft people have a moral duty in making sure their operating system is fit-for-purpose," Cox said on Wednesday.
by Hetfield on Fri 19th Jan 2007 00:06 UTC

I'll have to agree that general liability for the security of code is wrong for a couple of reasons:

1. There is no absolute security; developers are just people, and people make mistakes.

2. It would pretty much kill off every little useful hobbyist application, every small open or closed source project, almost every small to medium software company, because those are exactly the ones who cannot afford extensive security audits, leaving only a handful of big players like Microsoft, Sun and IBM.

3. It would generally stifle (or at least severely slow down) innovation and progress, as developers would hesitate to introduce new features and explore novel methods of computing for fear of introducing new holes.

I do support, though, the idea of holding for-profit companies liable for negligence. There's a security problem unpatched for six months? Punish them. Bad software was knowingly released to the public? Punish them.

Reply Score: 5