Researcher: Users Should Be Able to Sue over Insecure Code

by Developer.com Staff

A European academic argues that developers are liable for damages caused by buggy code.

University of Cambridge security researcher Dr. Richard Clayton has sparked a new debate by calling for developers to be held legally liable for preventable security problems in their software. Usually, End-User License Agreements (EULAs) require users to give up their rights to sue, but Clayton says legislators should outlaw such agreements. “It’s remarkable that of all the things that you could buy as a consumer, software is the one where you’re expected to make up your mind whether it’s dangerous,” Clayton said. “We’ve been saying for some years that what is required is to make people [developers] responsible for when they damage other people. If you went down to the corner of your street and started selling hamburgers to passers-by they can sue you [for any damage you cause].”

The idea has been brought up in the UK's House of Lords and by the European Commission, but neither body has yet passed laws that would allow users to sue developers for security flaws.

This article was originally published on Wednesday Aug 29th 2012