By Topic

Two views on security software liability. Let the legal system decide

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
D. J. Ryan ; George Washington Univ., Washington, DC, USA ; C. Heckman

Rather than use the product liability screwdriver as a chisel, why not consider a package of more effective tools. Corporations and individuals that market software despite knowledge of software security flaws should face criminal prosecution as well as civil lawsuits with punitive damages. Perhaps bounties should be available for the first to discover and establish the existence of a security flaw. Publishers should be required to post to the Web and otherwise publicize promptly patch availability. The software equivalent of an Underwriters Laboratories should establish and constantly improve security-related standards and testing protocols. It should be made readily apparent whether a program has passed and at what level. Prospective customers should be educated and encouraged to insist on software that has passed. Stronger software security is important. Software developers and publishers must do better. But product liability is not the right legal tool for the job.

Published in:

IEEE Security & Privacy  (Volume:99 ,  Issue: 1 )