10 Apr 2015

Cyber security debate could move liability to software designers

Some of the most influential people in the cyber security sector, including the head of an arm of the CIA, are calling for liability for cyber weaknesses to be passed on to software designers in the numerous cases where their designs are faulty.

Software companies could be liable for weaknesses allowing cyberattacks

The threat of hacking is one of the main problem areas facing lawyers, who are finding themselves under growing pressure to tighten their systems. Half of IT security problems are estimated to be linked to poor design, according to the Center for Secure Design, a wing of the IT professionals' body, the IEEE Computer Society. The particular problem comes with apps whose basic design can be faulty and not up to current standards. Updates might fix the failings in a superficial way but often do not correct the underlying weakness.

Vendors v buyers

Dan Geer, chief information security officer at an arm of the Central Intelligence Agency in the US, is one who has called for legal accountability to be pushed towards the designers. He works at the venture capital wing of the Agency, In-Q-Tel. Rolf von Ressing of Isaca, a global association of IT security professionals, said: 'Software vendors bring these products into the world with all their vulnerabilities, but it’s the companies that buy them that are left dealing with the consequences.' This debate could have very significant effects on the development of the software industry and the way that law firms and other buyers of their services protect themselves.

Source: FT