Critics call for software liability
There's an interesting story over at C|Net about proposed changes to software liability laws that would make companies responsible for security defects in their code. Software companies currently protect themselves from litigation with EULAs exempting them from all liability, but critics want consumers to have more power to sue over defective software.
To some, holding software to the same standards we hold everything else to makes a lot of sense, but it's a lot more complicated than that. For starters, software is extremely complex and certainly not easy to completely lock down; even Linux is full of holes, albeit ones that usually get patched rather swiftly. Of course, with Linux, who would be to blame for a security defect, anyway?
In my view, the biggest reason for software companies to remain free of liability isn't the complexity of software itself, but the fact that software is regularly targeted by those with malicious intent. You can say software should be as secure and reliable as a car, or a bridge, or any other consumer product, but how many of those products would stand up to a specifically targeted attack?