Some software application bug must have really pissed off Commissioners Viviane Reding and Meglena Kuneva, as they want software developers to be held liable for the security and efficacy of their products.
Alan Cox, one of the leading Linux kernel developers, argues against the liability: “Closed-source companies could not be held liable for their code because of the effect this would have on third-party vendor relationships.”
Bruce Schneier has a really good article about the commercial effect of liability. In short, the commercial cost of fixing your bugs is not as economic (they never heard of Typemock) as adding a new feature, but having a liability law will change this cost and force more CEOs to spend more money on the quality of their code.
"We’re making software as secure as we possibly can. People don’t look at window-lock makers for the responsibility for burglary — the responsibility tends to rest with perpetrators," said Jerry Fishenden, Microsoft’s national technology officer.
Are we doing the best we can?
So, are we doing the best we possibly can? Should software developers be liable when they are sloppy and non-professional? A doctor is liable if he makes a mistake; should we be liable if we are sloppy?
As an industry we still have a long way to go to reach the standards that already exist in specific markets: MISRA, DO-178B, PCI, Sarbanes-Oxley and the FDA’s medical device standard. Should the software industry create or adopt a standard to draw the line of liability?
If we did have this standard, what would you say would be the minimum required actions we have to take to be exempt from liability? What would define a professional versus a sloppy developer?