Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. General talk
  3. The Lounge
  4. Should developer pay...

QtWS: Super Early Bird Tickets Available!

Should developer pay...

Scheduled Pinned Locked Moved The Lounge
6 Posts 6 Posters 2.3k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • B Offline
    B Offline
    broadpeak
    wrote on last edited by
    #1

    "Should developer pay?":http://www.techrepublic.com/blog/european-technology/should-developers-be-sued-for-security-holes/1109

    1 Reply Last reply
    0
  • S Offline
    S Offline
    Sam
    wrote on last edited by
    #2

    nice one.

    1 Reply Last reply
    0
  • sierdzioS Offline
    sierdzioS Offline
    sierdzio Moderators
    wrote on last edited by
    #3

    Might be a good idea, but when you realise that actual judges would have to decide what was an "avoidable flaw", it gets scary.

    (Z(:^

    1 Reply Last reply
    0
  • C Offline
    C Offline
    CreMindES
    wrote on last edited by
    #4

    Yes, it really depends on the actual situation and circumstances, and I don't think that we are - at least I not for sure - be able to draw a line for this narrow border.

    1 Reply Last reply
    0
  • L Offline
    L Offline
    lgeyer
    wrote on last edited by
    #5

    No, it will just fall flat for many reasons:

    • What is 'neglicent coding'? And who's responsible for defining it? You either have an exhaustive list enshrined in the act, which is not expedient nor quite likely, or you have courts deciding, which do not have the required expertise.
    • The 'culprit' problem. Was it the security flaw in application A? Or was it the malicious piece of software running in the background, installed due to a security flaw in application B? How can one prove that it was or wasn't the former? Or exclude that it wasn't the latter? Was it a flaw in a probably updated external (system) library, which made the application vulnerable? Just because there is a known vulnerability in application A, does this mean data has been stolen using this vulnerability?
    • The 'preservation of evidence' problem? What happened after the data has been stolen due to a security flaw but before it was recognized? Has the system been modified? How can you exclude it hasn't been?

    Although I understand the motivation behind (and agree to it to a certain degree) such a regulation is practically impossible to implement in a way that it fulfills this motivation.

    1 Reply Last reply
    0
  • U Offline
    U Offline
    utcenter
    wrote on last edited by
    #6

    That would definitely put a stick in the wheel of "progress" - bugs aren't hard to avoid but since support is paid and so are new releases, it is profitable to make software suboptimal. Most of the harmful code out there is 100% intentional, the more problematic code the more solutions to it get sold.

    And it doesn't apply to software too, the entire industry is very concerns with not making products too good, too durable or too versatile. Planed flaws, limitations and obsolescence is everywhere you look. In some cases, like cars - this ends up costing human lives, but good luck suing a major car manufacturer because he didn't manufacture the product better. That's what EULA's are all about, the longer and more tedious the user agreement is the more chance the user doesn't even bother reading it, and agreeing to NOT SUE and that he voluntary accepts a product with all its flaws.

    1 Reply Last reply
    0

  • Login
  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved