Howard Schmidt, former White House cybersecurity advisor, is quoted in an article suggesting just this. Like many politicians, his comprehension of the real issues borders on ignorance.

I am not advocating that software with security flaws is a good thing. In fact, I would be the first to agree that developers need to do a better job (especially some developers). But asking developers to be accountable for the flaws is like asking the individual carpenters to be responsible for flaws in a house. It is the contractor’s problem if something is wrong with the job. In the same way, it is the software vendor’s problem when something is flawed with a software product. Of course, I could digress at this point into a big rant about software licensing and what it means to “own” software. I could also mention that in the open source model there is no vendor per se. But for the purposes of this particular blog entry, let me just say that I disagree with Schmidt’s premise.

However, what is really needed is a good understanding of what security is when it relates to software and the internet. Just as you could not hold a contractor responsible if your house was robbed and you had left the doors open, there is a point at which the accountability changes from the vendor to the owner or even to the criminal or hacker. After all, the party that is really to blame when a house is robbed is the thief.

So rather than assign blame for security flaws, I believe the best answers lie in better methods of finding the culprits and bringing them to justice.

