
pimpbot

(1,185 posts)
1. It's a good idea, in theory
Fri Mar 3, 2023, 09:06 AM
Mar 2023

It will be hard to codify what exactly would make the software company liable.

The most obvious scenario is a flaw in the code which lets an attacker in. But what if the flaw is actually in an open source library that the software uses? Who is liable in that case? What if the software company releases a patch but the end user doesn't update?

Then we look at configuration. There are tons of configuration options for a typical enterprise software application. Companies will usually release a reference or recommended configuration, which end users will customize to fit their environment. What if someone configures the software in a way the developer never intended?

Will software makers start requiring expensive service contracts to ensure their product is deployed and configured in an approved way?

I commend the administration for releasing this guidance. But I also realize anything that makes it through Congress and their lobbyists will probably have little to no teeth.


It's a good idea, in theory pimpbot Mar 2023 #1
I think the micromanaging to that level might not be necessary BumRushDaShow Mar 2023 #2
Insurance is a good idea pimpbot Mar 2023 #3
I expect that the easiest way for nefarious individuals to get into something BumRushDaShow Mar 2023 #4
Opinion: most software is rushed out the door without adequate security testing. usonian Mar 2023 #5
I used to run NetBSD back in the day BumRushDaShow Mar 2023 #8
BSD is great stuff. usonian Mar 2023 #10
I like how the *bsd and *nixes can run on old hardware BumRushDaShow Mar 2023 #11
Wasn't RH5 the last sparc release? I recall having had that distro. usonian Mar 2023 #13
Yes because me and my mentor buddy were running 5.1 on other stuff BumRushDaShow Mar 2023 #15
Oh, you're one of THOSE people... XorXor Mar 2023 #19
Easier? Why, difficulty and inscrutability filter out the amateurs!!! usonian Mar 2023 #22
I'm actually pretty neutral on it and don't have a hard preference XorXor Mar 2023 #23
Sometimes I get into some new stuff and I'm like "man, what the hell is going on here?" usonian Mar 2023 #24
Want secure Open Source software? HariSeldon Mar 2023 #17
Gets my vote! usonian Mar 2023 #18
Holding software makers responsible for damage caused by users of their software... thesquanderer Mar 2023 #6
The devil's in the details. usonian Mar 2023 #9
Software that is marketed knowingly having flaws. Historic NY Mar 2023 #7
I don't know if holding software engineers, software companies, developers, etc. is going to SWBTATTReg Mar 2023 #12
No agency can keep up. That's the nature of agencies/any large orgnization. usonian Mar 2023 #14
I predict bipartisan opposition to this bill Fiendish Thingy Mar 2023 #16
Where does that put security testing? Oneironaut Mar 2023 #20
Didn't see much in the way of specifics on how this would work XorXor Mar 2023 #21