Welcome to the new ZDNet! Give feedback or learn more about our updated design here. Or, return to the classic view.

Scientists: Fight flaws with laws

The National Academy of Sciences is urging lawmakers to hold software makers liable for security holes that lead to system break-ins. And that’s not all the group’s calling for.

Software makers should be legally liable for security holes in their products, according to a group of U.S. scientists.

The National Academy of Sciences is recommending that policy-makers create laws that would hold companies accountable for security breaches resulting from vulnerable products.

In a report released last week, titled "Cybersecurity Today and Tomorrow: Pay Now or Pay Later," NAS researchers urged lawmakers to take "steps that would increase the exposure of software and system vendors and system operators to liability for system breaches."

The researchers also called for laws that would require software makers to report security problems.

Currently, when a malicious hacker exploits a security flaw in a certain software program, a series of finger-pointing ensues, placing blame on everyone from the cracker to the researcher who discovered the problem. Usually, it's only the hacker who faces court action. The software maker, at worst, typically suffers from bad press.

In addition, companies often deny that their software has been exploited, saying they haven't heard any direct reports of security problems. Some claim a flaw discovered by a researcher is only theoretical and couldn't be duplicated in the real world.

But as security concerns mount in the wake of the Sept. 11 attacks, more companies are evaluating the safety of their products and focusing on trust.

Just last week, Microsoft Chairman Bill Gates urged his workers to make security the company's "highest priority." In the past, the company focused on adding new features to its software, sometimes at the expense of security. However, in an e-mail sent to Microsoft employees, Gates said the company should work on making its software "so fundamentally secure that customers never even worry about it."

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All