Featured in this episode of Chaos Lever
An updated National Cyber Security document has been released by the Biden administration, and within is a proposal to hold companies liable for vulnerabilities in their software or services.
To say that this is controversial would be an understatement. Of course, it’s only really controversial for the vendors who make shitty, vulnerability-riddled software that major industries rely on.
Imagine your favorite software vendor was similar to a company that produces physical goods, let’s say a catheter manufacturer. And the shoddy workmanship of their catheters led to viral infections in 1 out of every 10 patients.
Should the manufacturer be held liable for their piss-poor quality assurance standards and the real damage caused by their negligence? Yeah, they probably should. And so should software vendors who manufacture shitty software.
It’s almost like there should be some kind of software development standards that vendors are held to, especially when selling into industries like healthcare, transportation, and finance. You know, the sectors that keep getting hit with ransomware?
It should not be the responsibility of consumers to pay for the testing of vendor software, or for the consequences of vendors' lax standards. I demand more of my catheter! Er, software.