Scientists: Fight flaws with laws
Published: 24 Jan 2002 12:53 GMT
Software makers should be legally liable for security holes in their products, according to a group of US scientists.
The National Academy of Sciences is recommending that policy-makers create laws that would hold companies accountable for security breaches resulting from vulnerable products.
In a report released last week, titled Cybersecurity Today and Tomorrow: Pay Now or Pay Later, NAS researchers urged lawmakers to take "steps that would increase the exposure of software and system vendors and system operators to liability for system breaches."
The researchers also called for laws that would require software makers to report security problems.
Currently, when a malicious hacker exploits a security flaw in a certain software program, a series of finger-pointing ensues, placing blame on everyone from the cracker to the researcher who discovered the problem. Usually, it's only the hacker who faces court action. The software maker, at worst, typically suffers from bad press.
In addition, companies often deny that their software has been exploited, saying they haven't heard any direct reports of security problems. Some claim a flaw discovered by a researcher is only theoretical and couldn't be duplicated in the real world.
But as security concerns mount in the wake of the 11 September attacks, more companies are evaluating the safety of their products and focusing on trust.
Just last week, Microsoft chairman Bill Gates urged his workers to make security the company's "highest priority." In the past, the company focused on adding new features to its software, sometimes at the expense of security. However, in an email sent to Microsoft employees, Gates said the company should work on making its software "so fundamentally secure that customers never even worry about it."
See the Software News Section for the latest headlines on everything from peer to peer clients to Office software and beyond.
Have your say instantly, and see what others have said. Go to the ZDNet news forum.
Let the editors know what you think in the Mailroom.
Did you find this article useful?
15 out of 42 people found this useful
- Share this article:
