How to Cripple America's CyberSecurity Industry
Many of America's traditional industrial sectors have fallen on hard times. They have either been bypassed by a changing economy and/or foreign competition. One of the last crucial industries in which the United States is the undisputed world leader is in writing software code. Some people would like to change that.
There is an old truth that the way to make a small fortune on horses is to start with a large fortune. With modern industries, the way to make a small fortune is to start with successful companies and add trial lawyers. Unfortunately, there are proposals to unleash the trial lawyers not just on software companies but also on their employees.
At the SecureLondon 2005 conference, a consultant who is described as a "former White House cybersecurity adviser" said that "Software developers should be held personally accountable for the security of the code they write."
The former advisor and now consultant stated that "In software development, we need to have personal quality assurances from developers that the code they write is secure."
Can you think of a better way to ensure that no one in America ever again writes security-related code than to have software developers (some of whom may be barely out of school) face unlimited personal liability for their code, code which almost certainly is part of a much larger project? Can you imagine the trial lawyers rooting through a company's source code to identify the "defective" lines and determine who wrote them?
If such a proposal were enacted, America's security software industry would be outsourced overseas even before the trial lawyers got around to ruining the companies employing the developers.
The notion that cybersecurity would be improved by holding software developers or their employers liable for code bugs is akin the old Vietnam War adage of destroying the village to save it.
See ZDNet news story
|