Puts the kibosh on 3rd party libraries?
So I develop some applications. Being an efficient kinda guy, I don't write all the software (down to the interrupt routines that handle the video controller) myself. I rely to a large extent either on code that already exists in the O/S, or code that exists in high-level libraries from thrid parties: possibly supplied with the development suite I use. Further, I don't inspect every piece of source from these libraries - or even just the version I developed on - for any weakeness. Where does that leave me in terms of being liable for any security holes? Maybe holes in the libraries, or because I use them in ways that are unorthodox (although still in compliance with the API)
Unless you turn the whole world of software development into a chartered profession, with errrr, professionals who carry the whip (as opposed to their managers doing the lashing) and have the authority to demand certain development practices, this sort of professional liability can never be made to stick. Imagine the situation where a product design meeting takes place. The marketing peeps say they "need" a new product to compete with thier rivals. The softies say: "fine, but unless YOU accept liability for any and all security flaws, it will take 4 years to develop and cost 8 times as much, in professional fees, accredited methodologies, external audits, testing, re-testing and final certification." Under these circumstances, can you see any new software ever being developed - or will we have time-travelled back to the 60's where software was held in awe - and not just because of its price?