Based on the Talkbacks to a recent news story about a "highly critical" security flaw in RealNetworks' RealPlayer media player software, the age-old question of whether software vendors can be held accountable for insecure or buggy software is once again rearing its two heads. I say two because the answer is both yes and no.
On the bad news front, if you want my take on this, the answer, legally speaking, is no. As I wrote in a nearly four-year-old story about whether Microsoft is liable or not for the security flaws in its software as well as any resulting damages, software vendors cannot be held accountable. Including the precedent-setting TJ Hooper tugboat case (yes, tugboats have something in common with software, sort of), there's a four-point legal negligence and liability acid test that software vendors may not come close to satisfying.
On the good news front, any vendor can be held accountable by the wallets in our pockets. The problem is that most people and businesses are too chicken to cross that road. This is evidenced by the way certain products with a long-term track record of untrustworthiness continue to get widespread usage. Ironically (well, maybe not, since it's a life-or-death issue), car and tire manufacturers (i.e., Ford and Firestone) aren't traditionally as lucky when their products develop a certain notoriety for failure. Apparently, money doesn't run a close enough second place to life or death.