iang over at Financial Cryptography has a thought-provoking discussion of liability (ht @alexhutton) and its corresponding risks. I think I added a comment (but can’t be sure) that said this:
Culture and consciousness are all a distraction and very malleable. What really matters at the end of the day is the relative number of vulns in the software.
Also, worth noting that “secure software” is a derivative goal of less risk – that is, fewer incidents. We often opt for the former in the face of the latter, which is counterproductive.
Liability is a horrible idea. Here are some reasons why:
- It’s unenforceable.
- It will destroy innovation.
- It will destroy open-source.
- It will create an Xbox Internet.
- It will double prices.
- It will force lock-in.
- And, finally — it won’t work.
Those come circa 2005 from my commentary here: To Sue is Human; To Err Denied