I was a bit alarmed by this little jewel from former White House CyberSecurity Advisor Howard Schmidt: "Hold Developers Liable for Flaws". However, a bit later, I found this: "Hold Developers Accountable, Not Liable". What a schmuck! There is no way I would ever agree to be held liable unless I owned the project and the budget and could control all inputs and outputs. I have to wonder if the backreeling was from Schmidt, a known idiot, or from ZDNet. If from Schmidt, well, that doesn't say much about his consulting business. If from ZDNet, well, that doesn't say much about their reporting.

I do agree with the rebuttal in the first article, and the point may have been made in the second article as well, but I grew tired of the drivel and couldn't finish it: businesses producing software and housing customer data should be held liable.

Anywhoo, I have to wonder the following things:
- Is secure code more time-consuming than our usual 'hacking and gouging like barbarians' (a term I often use when shaving)?
- Is secure code more expensive?
I think the answers are yes and yes until we perform a fundamental shift in the way we create software.