Information Security News mailing list archives

Should developers be sued for security holes?


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 24 Aug 2012 08:09:34 -0500 (CDT)

http://www.techrepublic.com/blog/european-technology/should-developers-be-sued-for-security-holes/1109

By Nick Heath
TechRepublic
August 23, 2012

Takeaway: Software makers should face legal action if sloppy coding leads to hackers emptying users’ bank accounts, argues a Cambridge academic.

If you’re poisoned by a burger you can sue the restaurant that sold it - so why can’t you take a software developer to court if their negligent coding lets hackers empty your bank account?

That’s the question asked by University of Cambridge security researcher Dr Richard Clayton - who is calling for software makers to be made liable for damage resulting from avoidable security flaws in their apps.

Today software generally comes with End-User License Agreements that require the user to sign away their right to sue software developers if their app contains security flaws that leave the user’s computer open to attack by malware.

Clayton is arguing for regulations that remove the developer’s right to waive any responsibility for security flaws in their software. It’s an argument that has already won support from officials across Europe, with a House of Lords committee recommending such a measure be implemented in 2007 and European Commissioners arguing for the requirement in 2009 - however, agreements to this effect have not been passed.

“It’s remarkable that of all the things that you could buy as a consumer, software is the one where you’re expected to make up your mind whether it’s dangerous,” Clayton says.

[...]
