One Aging Geek

Friday, May 21, 2004

Clarke: Hold Developers Accountable for Software Insecurity

http://www.eweek.com/print_article/0,1761,a=127317,00.asp

By Dennis Fisher

NEW YORK—The federal government and private enterprise should band together and hold software developers responsible for the poor state of security of their applications, according to the White House's former top cyber-security official.

Speaking this week at the eWEEK Security Summit here, Richard Clarke, chairman of Good Harbor Consulting LLC, of Herndon, Va., and former chairman of the president's Critical Infrastructure Protection Board, said the inherent insecurity of most software produced today is a major factor in the troubles plaguing enterprises and home users.

To solve the problem, Clarke called on the government to put pressure on the software industry to develop and maintain secure coding practices.

"The reason you have people breaking into your software all over the place is because your software sucks," he told conference attendees. "I don't like the idea of 'buyer beware.' It was great in the 14th century, but I think we've moved beyond [that]."

Clarke also encouraged enterprises to get together and inform their vendors that they're not happy with the security of their software.

Yikes! I try pretty hard to write secure code in my job. We agonized for weeks over security in my current product. But would I want government regulation over it? Yikes!

Found via Phil Windley's Enterprise Computing Weblog.