Alex Payne writes online here.

Onus

This surprisingly good piece on C|Net/ZDNet is pretty much the sermon on software development responsibility I was going to write in the wake of the MSBlaster worm. Summary: we have pathetically low expectations of software manufacturers.

I’ve got no patience for cyberterror hysteria, but the byproducts of security holes will be regarded as mere annoyances until a critical system (think hospital, airport, etc.) is disabled and people die. I see such a scenario as an inevitability of moving more and more systems to full-blown OSs. I don’t think when something like this happens it will be a major catastrophe, thousands of deaths. But even one person dying as the result of an insecure operating system is just fundamentally unacceptable. As the editorial linked above says:

“Travelers getting onto planes expect to debark in one piece. When people drive across a bridge, they do so confident about exiting safely on the other bank. If the plane or bridge dumps out halfway, I doubt surviving family members would be consoled by the promise that Version 1.1 will take care of the glitches.”

The terrible thing is, I don’t think one will have to draw metaphors for a scenario like this much longer.

Post Script from the Microsoft Internet Explorer license agreement:
“NOTE ON JAVA SUPPORT. The SOFTWARE PRODUCT may contain support for programs written in Java. Java technology is not fault tolerant and is not designed, manufactured, or intended for use or resale as on-line control equipment in hazardous environments requiring fail-safe performance, such as in the operation of nuclear facilities, aircraft navigation or communication systems, air traffic control, direct life support machines, or weapons systems, in which the failure of Java technology could lead directly to death, personal injury, or severe physical or environmental damage.”

I’m not sure commercial software vendors should be able to disclaim liability like that, though the question of legally enforced liability vs. market-driven liability is a tough one (for me).