
Hold Developers Responsible?


BJCooperIT

Programmer
May 30, 2002
1,210
US
This article reports that Howard Schmidt, former White House cybersecurity advisor, said that software developers should be held personally accountable for the security of the code they write.

With all the hackers and brilliant minds out there, chances are, if you can write it, ultimately someone can break it.

Also, if I am hired by a company to develop software to their specifications, then how could I be held responsible for someone else's design?

Beware of false knowledge; it is more dangerous than ignorance. ~George Bernard Shaw
Consultant Developer/Analyst Oracle, Forms, Reports & PL/SQL (Windows)
Author and Sole Proprietor of: Emu Products Plus
 
Yes Manufacturers are held accountable, but the factory worker who screwed those bolts in isn't accountable (at least from the govt., he'll probably lose his job). You cannot hold Joe Schmo programmer responsible for work he did on the job of "ABC Software". Unless he was purposely developing insecure code.

If I write a program on company hours and it makes millions in profits, and it belongs to them because of contract, then the opposite should hold true. If I write a program that the govt. says is poorly coded and insecure, that's the company's responsibility. Sure I may face discipline/termination at work, but criminal charges/fines, no way.

Yes software developers should have stricter guidelines for quality control. That'll help everyone from the programmers, users, system admins and corporations.

 
What would be the long term consequence of lacing the work history with something like "This schmuck made a colossal blunder in coding that cost 3 lives and a $40 million judgement against this company" ?
Would that do something to create some personal accountability?

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
Where does it end?

Compilers generate errors...

Assemblers generate errors...

The hardware itself can generate errors... (sometimes it can't add up or divide properly).

 
Ed,

The company is the legal entity that supplies the product, the s/w, and not the person who does the physical coding.

As an employee your personal accountability relates more to your ability to pay off your mortgage and credit card bills.

gpastorelli makes an excellent point in my view. It is the company that takes the benefit of a product, vast profits one hopes, and so should also take the risk.

Mike

I am not inscrutable. [orientalbow]

Want great answers to your Tek-Tips questions? Have a look at faq219-2884

 
Don't know what it's like elsewhere, but here in the UK there have been cases where the person who did the work has been pursued because the company he worked for has been liquidated.

Cost one chap £40k in damages.

 
Interesting zeitghost - do you have any links to look at re that?

Mike

I am not inscrutable. [orientalbow]

Want great answers to your Tek-Tips questions? Have a look at faq219-2884

 
Sorry, not off the top of my head.

It was a building surveyor who worked for an estate agency.

Surveyed a property.

Missed a problem with a wall.

Estate agency folded.

Purchaser then pursued surveyor through the courts and won.

Court stated that he had a duty of care to the purchaser as well as to his employer...

Cost him £40k...
 
And here we go.... I was completely wrong.


also (a better article)


It seems that in certain circumstances an employee in the UK *can* be held personally liable.

Lord Justice May said:
...doubted that this [would be] confined strictly to those who might be termed professionally qualified people, and that all would depend on the full circumstances in which advice was given...

...in the main, professional employers will normally be vicariously liable for their employees' breaches of duty...

...professional employees will want to ensure that they are covered personally by their employers' insurance...

...they may need to take steps to obtain personal insurance if their employers' insurance does not continue after their employment ends...
Those of us not in the UK should note that their mileage will vary *s*

Mike

I am not inscrutable. [orientalbow]

Want great answers to your Tek-Tips questions? Have a look at faq219-2884
 
Yes.

Encouraging isn't it?

Must have done wonders for the Professional Indemnity insurers, scum that they are.
 
But seems to be limited to those who are professionals. As in "licensed by the state" to practice a profession.

And programmers haven't reached that point yet, although there have been rumblings over the years. But I'm not sure I would want to trust a "professional programmer" any more than I currently trust "professional" anything else. There are too many incompetents licensed by the "state", or possibly a lack of methods of removal of such.

Ed Fair
Give the wrong symptoms, get the wrong solutions.
 
==> And programmers haven't reached that point yet,

Today, we are much further away from any sort of official licensing than we used to be. Anybody remember the CDP program? So too, the overall level of technical expertise and professionalism among the programming community is not what it used to be either.

I'm afraid that what used to be a profession is now more of a commodity.

--------------
Good Luck
To get the most from your Tek-Tips experience, please read FAQ181-2886
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
Isn't holding the developer responsible an over-simplification?

What about the contractor who low-balled the bid to get the contract? We can cut back systems testing to 2 days, hire 6 entry level coders, and who needs documentation anyway?

What about the CEO who chose the contractor with the lowest bid? Not because it was the best talent, but because it was the only thing they could afford. You can do it for only $1 million? Great!

What about the Power User who drives the analysis sessions with their very specific agenda? I don't want my assistant to be able to see my salary and I want to know when she emails her boyfriend.

What about the Business Analyst who ignores the user's needs because he "knows better"?

The list goes on and on (Project Leaders, Quality Analysts, Testers, Technical Writers...) In short, software is not solely the product of a group of developers; it takes a whole team and each must play their part well. Mistakes are made, but can we truly point to one person and say it is their fault?

Beware of false knowledge; it is more dangerous than ignorance. ~George Bernard Shaw
Consultant Developer/Analyst Oracle, Forms, Reports & PL/SQL (Windows)
My website: Emu Products Plus
 