
Txmm | 4 years ago

Really? I don’t think this is at all similar to a car safety recall. That’s more like trying to issue a recall for a car because people can smash its windows and break in.


maerF0x0 | 4 years ago

yeah of course it's an analogy. But by adding liability we'll get more recalls (patches) done. Vendors will stop playing FUD and will focus on the real cost of their security flaws. And yes some will still not do patches, just like some car vendors are considered less trustworthy.

But at least the risk of suit will loom over their heads.

tempestn | 4 years ago

But the parent's point is that's still putting the liability on the vendor rather than the actual criminal. Perhaps it's more like if a car is sold without an immobilizer or an alarm, holding the manufacturer liable if it's stolen. But that kind of fails, because it's pretty simple to mandate a handful of security additions to cars, whereas software is orders of magnitude more varied and complex. It would be hard for any vendor, let alone small companies, to prove they'd followed every conceivable best practice. It might even be impossible, as some likely conflict. And if you try to codify exactly what security practices should be followed, what do you do when those practices become obsolete?