
Security expert: Make vendors liable for bad code

"Many users, both at work and at home, aren't motivated to keep up with security because vulnerabilities are often unseen, leaving them unaware that they are risking their own operations -- and the larger global system of networks, Schneier said.

"I think things are getting worse, not better," he said.

To change that, the ultimate economic responsibility for better software should be moved directly to software makers, who can directly influence the creation of more secure applications, he said. "If there is liability, we'll pay more [for software], but at least we'll get better software out of it and things will improve," Schneier said.

A penalty system will ultimately result in a more secure global IT system through better-built and better-maintained products. "That's what I want to affect, and liabilities have a way of doing that," Schneier said."

I personally think that if this were to happen, more security researchers would start getting sued, since their research would have a direct financial impact. This isn't to say that we shouldn't keep finding vulns; we should :)

Article Link: http://www.computerworld.com/action/article.do...

