News: Coders ‘should be held liable for flaws’


There are a lot of issues here. Who owns the code? In most cases the developer doesn’t “own” the code, and if the developer doesn’t own it, holding him accountable is going to be difficult. And accountable to what level?


I think all software developers can at least agree that they are not trained to write “secure” code. The article does note the point about training.


The article also quotes a British Computing Society (BCS) representative as saying: “There is an element of ‘caveat emptor’ – buyer beware. Before buying any software an enterprise should check whether a vendor uses their own security software. They should also be accredited with a CMM [Capability Maturity Model] standard – it’s like a kitemark. CMM level three, four or five is an indication the software has been developed by quality developers.”


I know for a fact that CMM or CMMI level 3, 4, or 5 certification doesn’t guarantee secure software, or development by “quality developers”. It just goes to show how others perceive CMM (with or without an ‘I’) certification.


An interesting read.