Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • I believe it would fundamentally alter it. Instead of rushing to see how fast we could get our products to market, more time in software testing, penetration testing, fuzz testing, etc.

    Do you have any evidence on which to base this belief? Would the natural response not instead be to divert more money to lawyers and compliance officers?

    Does this mean you would no longer be able to post code to Github, Sourceforge etc. without first performing security audits and CYA?

    -- Ed Avis
    • There is a fundamental issue well-known to economists that when a good has negative externalities [] (e.g., pollution), then the forcing those generating the externalities to internalize those costs is widely considered the fairest way to deal with them. The problem is really trying to assess what those costs actually are and which manufacturers are responsible for which portion of the costs (the devil is always in the details). Since software manufacturers clearly generate a product with negative externalit

      • A product does not have negative externalities merely because it harms its owner. If you want to pour diesel in your own fish tank, so be it; only pouring it into the local river is an externality. So just saying that software makers have a shoddy product is not enough to put them in the same category as noisy concerts, polluting factories, and view-blocking skyscrapers.

        Of course, there are negative effects to society as a whole from the existence of botnets, but that is true for almost any product: a c

        -- Ed Avis
      • A product does not have negative externalities merely because it harms its owner. You can pour diesel in your own fish tank; only when you pour it in the river does it become an externality.

        Of course there is harm to society as a whole from the existence of botnets. But some negative effect or another exists for any product from cars to telephones to books. There are many positive effects on society from the use of software, but makers don't get a special subsidy because of them. The quality of the pr

        -- Ed Avis
  • It will never fly. An interest group will quickly come to say, "while we in the EU are heaping on large costs to comply with the governments' rules on quality, the software makers in Brazil and the USA and whatnot are cheaper and quicker, and the consumers naturally go for them".

    How about this: like with organic/non-genetically-modified food, let the authorities issue a stamp of quality. Those who want or need high quality software will go for it. So this is a wholly volunteer thing and the market regulat

    • As for software from other countries, they may be cheaper and quicker, but we still have liability laws for non-software products from them. If a small shop in Texas sells their software in Europe via the Internet and they hurt people, you could still bring suit. For shrink-wrapped software, Europe could simply ban the software from being shipped here if they didn't comply. Granted you might not get anywhere suing software manufacturers from other companies, but that's the way it would work for smaller c

      • Microsoft will release more secure software and they'll probably be hurt by this because they've been going on too long without security.

        Why do you believe this? Microsoft is not in the habit of complying with regulations it considers annoying or onerous. I'm sure Microsoft is also very capable of demonstrating irreparable harm to its business (and if you want to talk about negative externalities, consider the cost to customers) by breaking all existing software.

        Maybe the government should also run a To

  • The only thing I want, and what I think is the original idea behind this proposal, is a money back guarantee, if you find the software doesn't do what you wanted it to do.

    Currently, software vendors hide behind a "no promise of fitness for any particular purpose" clause in the EULA, and I'd like to see this clause wiped out of existence.

    • That might be enough to satisfy me. However, what's to stop someone from buying the software, installing it, then returning it for a money-back guarantee and still using it? That would be problematic, I think. Still, this would go a long way towards mitigating some of the issues involved.

      • What's to stop someone downloading the same software via BitTorrent? I think that's really an argument about piracy rather than the issue at hand (and most medium to large companies don't pirate - at least on a large scale - because they can be audited).

        I agree with bart... a money-back guarantee - while it wouldn't solve every problem - would at least give consumers some protection (while crucially leaving "free as in beer" alone). Anything more (as much as I'd love to see MS et al suffer for their shoddy

      • The penalty needs to be only payable once actual harm or misrepresentation has been demonstrated, (thus preventing your hypothetical) and needs to be a large multiple of the price. That price including any consultancy fees, maintenance contracts and so on, not just the purchase price. This would make people who just release their software for free immune (a large multiple * 0 == 0), but those who run businesses around free software liable.
        • Free software is one thing, but what about open source? If someone releases free software that has a nasty security hole exposing your credit card data to others, then I would argue that there's a liability issue. If it's also open source, I think that would be a mitigating factor in liability.

    • It would be nice to use that guarantee to get my money back whenever I was forced to accept a copy of Windows along with the hardware that was all I really wanted to get.
  • I was writing a comment to agree with you Ovid, but it got too long and turned into a whole blog post: []

    In short, software engineers for safety-critical systems should be licensed and certified in the same way that practitioners of other engineering disciplines are. Far from harming those other industries, regulations, licenses, and certifications have had a real business benefit to them.

    Andrew Whitworth