Thursday, October 20, 2005

Programmers could be liable for bad code.

"At a security conference last week, Howard Schmidt, the former White House cybersecurity adviser, took the bold step of arguing that software developers should be held personally accountable for the security of the code they write.

He's on the right track, but he's made a dangerous mistake. It's the software manufacturers that should be held liable, not the individual programmers. Getting this one right will result in more-secure software for everyone; getting it wrong will simply result in a lot of messy lawsuits."

Alan said...

As a programmer, all I can say is that it figures that the lawmakers are going to come after Joe Schmoe who got an internship at Microsoft Corp. making $36,000 a year to code what the higher-ups want Windows to do. Other than figuring out how to translate what they want done into code, a programmer, unless they are writing their own programs, has zero say as to what goes into the code. After the programmer finishes, it then goes to a quality assurance department and then into a beta testing stage where it is used in a real environment. Mind you, those two stages are just to make sure there are no bugs. Then it goes to market, and if it is successful (like Windows) only then does it attract a concerted hacker effort. Oh, and surprise, surprise, months or even years down the road hackers find a way to manipulate a portion of a program that was never intended for what the hackers do to compromise the system. So somehow that is supposed to be the programmer's fault? The nature of the internet makes it impossible to keep hackers out of a system if that system is connected. So long as a computer has to both upload and download data to make the internet work, that data can be intercepted. Almost all hacks are based on three basic principles: trick a user into downloading malicious data instead of what was intended; trick a computer into thinking that something that doesn't have security does have security, giving the hacker access to your data; or crack encrypted codes to obtain the information, like your passwords, so no trickery is needed. Somehow that is supposed to be the programmer's fault? That's not even Microsoft's fault. Being able to sue a programmer because someone hacked the program he/she happened to build is like suing the builder of the house because someone broke into your home, or better yet, not even the builder but the poor schmuck who did the painting before you moved in.
The government should commission tracing software that can't be fooled by IP spoofing if they want to improve security; otherwise cybercrime will always be there, and the only way to deal with it is to lock the doors and bar the windows.

AppsByAaron said...

Or how about suing GM because some goon keyed my car!