That’s what one so-called “expert” thinks should happen. While most people will agree that security is a major issue, not everyone agrees on what should be done to combat security problems. This suggestion has got to be the most creative and ridiculous one I’ve come across:
Software developers should be held personally accountable for the security of the code they write, said Howard Schmidt, a former White House cybersecurity adviser.
Speaking Tuesday at the SecureLondon 2005 conference, Schmidt, who is now CEO of R&H Security Consulting, also called for better training for software developers. He said he believes that many developers don’t have the skills needed to write secure code.
If we’re going to hold software developers liable for their code, why don’t we hold users liable for their mistakes and errors too? Heck, why stop there! We might as well hold the farmer who grew the potatoes used in McDonald’s french fries liable for making people fat! Seriously, Schmidt is just way off base with regards to the liability issue. Training is one thing, liability is quite another.
You just can’t look at a piece of code and say with absolute certainty that it’s secure, even if you have proper security training. First of all, the developer cannot anticipate all of the ways in which the code might be used, nor can he/she predict what future technologies might impact the code. Secondly, there is quite often more than one developer who touches a piece of code, so it may not be written with the same caution or mind for security each time. There’s just too much uncertainty. Software development is often called “Computing Science” but a large portion of it is more “art” than “science”.
Read: CNET News.com