There's an interesting story over at C|Net about proposed changes to software liability laws that would make companies responsible for security defects in their code. Software companies currently protect themselves from litigation with EULAs exempting them from all liability, but critics want consumers to have more power to sue over defective software.
To some, holding software to the same standards we do everything else makes a lot of sense, but it's a lot more complicated than that. For starters, software is extremely complex and certainly not easy to completely lock down; even Linux is full of holes, albeit ones that usually get patched rather swiftly. Of course, with Linux, who would be to blame for a security defect, anyway?
In my view, the biggest reason for software companies to remain free of liability isn't the complexity of software itself, but the fact that software is regularly targeted by those with malicious intent. You can say software should be as secure and reliable as a car, or a bridge, or any other consumer product, but how many of those products would stand up to a specifically targeted attack?