Search /
Docfinder:
Advanced search  |  Help  |  Site map
RESEARCH CENTERS
SITE RESOURCES
Click for Layer 8! No, really, click NOW!
Networking for Small Business
TODAY'S NEWS
iPhone 5 rumor rollup for the week ending Feb. 10
Forget Public Cloud or Private Cloud, It's All About Hyper-Hybrid
Apple passes HP as largest tech company
How to get the IRS' attention: Forge nearly $8 million in tax returns, steal identities
Much of Western U.S. is a 3G wasteland, says FCC
How the Phoenix Suns basketball team takes on social media attacks
Microsoft details Windows 8 for ARM devices
Resume Makeover: How an Information Security Professional Can Target CSO Jobs
Blogger exposes major Google Wallet security flaw
Web app lets enterprise set security, sharing for Google Apps users
Cloudscaling to offer OpenStack private cloud platform
Macs take on the enterprise
Valentine's Day Patch Tuesday: Microsoft to issue 9 patches, 4 critical
Mobile World Congress sneak peek: Quad-core smartphones, Ice Cream Sandwich & more
/

Penalizing vendors brings consequences

Related linksToday's breaking news
Send to a friendFeedback

By Harris Miller
Network World, 04/22/02

The prospect of software vendor liability is gaining momentum in some government and legal circles. Some government and private sector CIOs have suggested imposing sanctions on vendors whose software is breached by viruses or other forms of intrusion, or increasing the exposure of software and system vendors to liability for such breaches. But doing so will jeopardize innovation, U.S. competitive advantage and benefits to consumers.

Your reaction
Join the discussion on this issue.

The potential costs of such highly subjective, generally frivolous lawsuits are dramatic. Civil liability actions against technology makers would:

  • Oversimplify the situation. Software is not and never can be infallible. It is a product of engineering, and like other products of engineering - automobiles, airplanes, buildings, bridges - the results are not perfect. No product can be 100% secure or operate flawlessly under every conceivable circumstance. As technology's benefits increase, so do the ways users find to misapply, misuse or modify it. In the security realm, vendors are sometimes left playing catch-up as an ever-expanding number of wrongdoers find malicious uses for products. Software development is a complex process conducted in a rapidly changing business and technical environment. Furthermore, the performance of a sophisticated information system involves multiple facets, products and factors. Focusing on civil liability for alleged software flaws diverts time, attention and resources from solving customer problems.

  • Stifle innovation. Vendors are always working to create better and more secure products, and allowing this development is best for consumers. Free market competition dictates this. Market forces are at work so software companies, service providers and technology users compete on the basis of security and functionality. The best producers of high-quality, secure software garner the most customers and succeed in this competitive environment. To introduce additional risk into this atmosphere will curb or even halt the development of newer and more secure products.

  • Compromise global leadership. Civil liability lawsuits will not only chill innovation but also the U.S. competitive advantage in the $200 billion global software industry. The U.S. plaintiff's bar and system is unparalleled, and actions by the bar that could hinder product development would result in lost technical jobs and productivity, jeopardizing our industry's leading position in global markets.

  • Punish the wrong people. Perhaps the most troublesome result of pursuing civil liability for vulnerabilities is the shift away from wrongdoers. The legal community would better serve its clients and citizens by supporting enhanced prosecution of computer crimes, stiffer penalties for hackers and increased cybercrime training for law enforcement.

    We cannot legislate quality, productivity or innovation. The marketplace sets those expectations. Having said that, computer use - and computer crime - will continue to increase this year. Lawsuits aimed at software vendors for creating products vulnerable to attack is the technical equivalent of charging safe makers with negligence because bank robbers crack safes. Let's focus our legal system on the real bad guys.

    • RELATED LINKS

    Miller is president of the Information Technology Association of America, a trade organization representing the U.S. IT industry. He can be reached at hmiller@itaa.org.

    Opposing view: Vendors should be held liable for the security flaws in their software.

    Forum
    What do you think? Jump into the discussion!


    NWFusion offers more than 40 FREE technology-specific email newsletters in key network technology areas such as NSM, VPNs, Convergence, Security and more.
    Click here to sign up!
    New Event - WANs: Optimizing Your Network Now.
    Hear from the experts about the innovations that are already starting to shake up the WAN world. Free Network World Technology Tour and Expo in Dallas, San Francisco, Washington DC, and New York.
    Attend FREE
    Your FREE Network World subscription will also include breaking news and information on wireless, storage, infrastructure, carriers and SPs, enterprise applications, videoconferencing, plus product reviews, technology insiders, management surveys and technology updates - GET IT NOW.