Once again, I expect I'm in the minority on this, but I'm quite happy to see that the European Commission wants consumer protection laws extended to software.
Before you reach for the pitchforks and run me out of town, hear me out. The BSA, representing Microsoft, IBM and Apple, doesn't want this because it feels that it would stifle development and that software is a fundamentally different thing from a toaster. While I agree that we're not producing toasters and our liability should be different from that of manufacturers of such, I don't believe this would stifle development. I believe it would fundamentally alter it. Instead of rushing to see how fast we could get our products to market, more time would go into software testing, penetration testing, fuzz testing, etc. More research into developing secure systems would take place and developers would actually know what OWASP stands for. Plus, this would fix one of the biggest issues with security: companies don't want to pay for security because those costs rarely generate revenue, or prevent losses great enough, to justify said costs. It makes no economic sense for companies to care about security (remember: economics doesn't care a fig for ethics).
One complaint is that there might be less software interoperability. This is probably true and it's a sad price to pay, but if we care about our craft, sometimes sacrifices have to be made. And that, my friends, is the crux of the problem. I don't believe most software developers want to develop bad code, but they'd rather develop bad code than be told they can't play. While I'm sure many would deny this, watching the juvenile interactions that are the best many developers can maintain, I stand firm by my statement.
So the EC wants consumer safety laws and business/developers don't. Perhaps, just perhaps, we should find out what those laws are first? To whom do they apply and how? What are the penalties? Obviously it would be idiotic if we're talking about jail time; if it's merely the cost of the software, this might be too lean. If, instead, we had a reasonable indemnification for "good faith" efforts and modest penalties, I think this would be a good start. In fact, I would argue that "good faith" efforts should probably lean in favor of the businesses/developers to stop frivolous suits. Of course, how does one demonstrate "good faith" efforts in closed-source software?
I expect that most software developers would still prefer to say "no" rather than entertain even a shred of compromise, but like bankers receiving fat bonuses with bailout money, maybe, just maybe, the general public is tired of our justifications.
Update: there is one reason I would strongly object to consumer protections: if the EC gets around to writing said laws. I know that sounds paradoxical, but given some of the computer laws (and attempts) coming out of Europe, I don't really trust people who don't understand computers to regulate them.