Vendors face security calls
Sun's chief security officer last week said that vendors should bear legal responsibility for any security vulnerabilities found in their software, and should work harder to build more secure platforms and applications.
"Currently, it's a case of saying to firms, 'You pay, we promise you nothing, have fun.' But we need to put in place legal targets, perhaps for 2010 or 2015, and improve our methodology to provide much higher security standards if we are to accept liability," said Whitfield Diffie, Sun Microsystems chief security officer, speaking at the Information Security Solutions Europe (ISSE) event in Vienna last week.
The call comes as a group of US users are proposing a class-action lawsuit against Microsoft because of Windows' vulnerability to computer viruses, which they claim could trigger "massive cascading failures" in global computer networks.
[ Read more ]