Comments on: Time to regulate the software industry?

With flaws providing an open door to viruses and worms, industry observers debate imposing rules on software companies.

Here is a novel idea!!!!!!!!!

I think it is nessesary to hand down long prison terms to those criminals that exploit computer programs. Instead of rewarding them when they write viruses/trojans, make it a lot less profitable for them. I have noticed quite a few individuals that have brought entire networks to their knees with malicious code. Only to be offered a position with a software firm making very good money after their short stints in prison.
An even better idea would be to put them in an arena with their victims and have a no-holds-barred deathmatch where the criminal virus/trojan writer is given a keyboard & mouse to defend themselves against their victims armed with guns & knives.
Lest we forget that they are simple CRIMINALS that should be dealt with as such.
It just doesn't make any sense.
Its kind of like hiring convicted rapists to do an OB/GYN's job. These criminals are using the system against us!
Enough already!

[wrwjpn]

re:Here a novel idea!!!!!

Have a rating system for software.
How easily they are exploited.
How often they fail to live up to their marketing.
Basically use a Consumer Report style system. Have some reputable firm or person evaluate software. The leave the market to decide whether or not the software is worth the problems it has. Well, we already know that the market will except shoddy software, as we are attacked often by virus, trojans, and spyware.

Use this analogy:

We don't penalize the people who smoke and cause second hand smoke but the manufactures of tabacco products. They are the bad one because they promote their products knowing the dangers. Yet we want to penalize people who write virus, trojans, and such even though often software developers (companies) know their software will most likely be succeptable to bugs, virus, trojans and such.

Set standards and enforce them and developers will develope well designed software. Leave it to market forces and in the US the cheapest will win out everytime. Otherwise Wal-mart and such would be out of business already.

[Buzz_Friendly]

Regulation no, Accountability yes

I do think regulation will stifle innovation but I see no reason why a company should not be held accountable for their software. Just about every other product you by the manufacturer can be held liable for a defective product. Why is this not more prevalent in the software industry? If I download a piece or free code or software that?s one thing, but if I pay $250 for an OS or Office suite that claims it can do X Y Z and doesn?t, shouldn?t that company be held responsible? Heck it is almost impossible to even return a poorly written piece of software once you open the box which is like testing driving a car and then finding out your obligated to buy it.

[EdShaffer]

Regulation breeds incompetent monopolistic companies

Regulation has shown its value in the airline and other industries already.

It usually creates a group of "fat cats" with connections to the regulators and the industry becomes incapable of innovation or fair competition.

[Thomas, David]

W-F AND OMG

Regulate what?! The idea of regulation implies that regulators
be experts and have the ability to and knowledge to back it up.
That means they would supposedly have to have more
knowledge than the developer, wheter it be IBM, Microsoft, HP,
Apple, Sun or you and I.

The reality of this farce is simply an excuse to create another
witch-hunt control mechanism. Who is really behind this
proposal. I mean where the f--k did it come from?

[ordaj]

Let's look at AT&T...

Before the breakup, you had black, desktop, clunky rotary-dial phones. If AT&T had not been broken up, yuou would still have these. Only because of the breakup of the monopoly do you have cool new phones and even cell phones. Monopolies are content to extract their revenue from captive customers from their already sunk costs.

They're not going to put more money into something where they can already derive most of the revenue. Why spend money when you're not going to really see any return? Look at IE. Until FireFox, MS had 90%+ of the market. Why bother with improvements?

[Thomas, David]

If the Software is Bad Don't Use It.

The idea of regulation is beyond that of sanity. I mean, this
article is talking about regulating how some one writes code.

We have software reviews, and multiple providers. We have
contracts and license agreements to protected the licensees,
licensors, developers, and contractors. We have software
reviews. We have design methodologies and principles.

If you know the software you are using is a problem, IT HAS TO
BE THE MOST DAMNDEST, STUPID THING TO TRY AND CREATE A
RULE TO TELL THE BAD SOFTWARE VENDOR TO MAKE IT BETTER.

USE ANOTHER VENDOR or DEVELOP IT YOURSELF.

The easiest way to handle this...

The best, easiest and surest way to help software and hardware developers ensure that their products are secure is to fine them for every flaw that is found.

For example after a company releases a new product or an update to one they are allowed two flaws (nothing in this world is perfect and I think two is acceptable) after the first two they are fined $1,000,000 for each additional flaw up to ten. After ten the fine is raised to $5,000,000 each up to fifteen. After fifteen the fine is raised to $50,000,000 for each flaw.

This is easy to keep track of and it is easy to manage. It is also a sure way to get comanies to secure their software. Any time you start taking money out of greedy corporate profits they will do something about it.

This will not hurt innovation it will only help ensure that software and hardware is secure.

Robert

[System Tyrant]

hmm

First I believe a good lawayer could argue that your fines are unconstitutional.

Second, with current languages and size of programs, you can't build a program with only two flaws.

Third, it is anti-competitive because you would put everybody out of business and stop anybody trying to start one out of fear they would never make any money due to large fines. You would also stifle innovation because nobody would want to risk adding features when it may cause huge liabilities.

regulation

Business now relys on necessity of computers and the internet. To Regulate is to suggest enforcement of the world. Preditors will always exist and vulnerablity will not be removed completely, only reduced. Software can always be broken. Just by its very definition. Look it up in Webster Dictionary. Would you build a 10 million dollar structure and not install fire protection? Hardware exists that will instantly take you to a time before any issues existed. Local bus control redefines protection and creates a time machine encapsulation that is answer to hassle free operations. Zero down time. Hardware. We use it and cannot be broke by software. software is necessary evil but Hardware protection against software seems to be only regulation people should be made aware of. OEM won't tell us that because it would hault the current money machine. Fear and software.

TK

King Canute

So, King Canute, being outrageously flattered by his advisors, tried to command the tide - he got wet feet.

Trying to legistlate code quality will have similar results. There are some things which are not going to work - producing millions of lines of fault free code is one of them.

But the problem isn't just writing a = b + c; when you mean a = b - c; It's the high level architectural design failures (not faults - just things you didn't think of) and the low-level design failures (e.g. not catering for a user pressing every key on their keyboard, in sequence, 5 times, after a program hangs).

We've had cars for over a hundred years & there isn't a car can't be stolen. We've had banks for centuries and they can still be robbed. Why expect totally secure software after a few decades ?

Q. If M$ made a version of Windows that was KNOWN FOR A FACT to be 100% secure, would you buy it.....if it cost $5,000 ? How much EXTRA are you prepared to pay for security ?

Perhaps we could improve robsutness of security features by
a. diverting effort from developing new features to working on security - but who'd buy a product with no new features.
b. more patches & service packs with longer intervals between complete new releases - but that doesn't make money.
c. More effort to have a robust kernel - but that may limit the ability to add new features.
d. Have a common set of standards for pulic onsine security, with a ratings system to identify who best meets those standards, and having more competition & and some way of resolving responsibility when 2 products from totally different companies interact to cause a breach - to decide who is responsible. My choice, by a hairs breadth.

Or, we could just keep demanding better & more secure software as the industry develops & keep educating users, not to leave themselves open to breahes (there are 3 wireless networks down my street, that my wireless connection detects - only 1 is secure. I've sent a note to the HOA to remind people to lock their networks).

The problem isn't the software...

Software regulation is not about jail terms or making people pay fines for writing malware, viruses and the like. It's about tightening the reigns on how applications are written. Microsoft needs to make it more difficult to have an application startup automatically with Windows. We are all extremely tired of every single software manufacturer deciding that their software is important to load with Windows. Microsoft should implement registration system that will require software developers to register with in order to create an entry in the Windows registry. Of course it will be hacked no matter how good the encryption methods, but at least normal software developers will be unable to start their crapware automatically.

[qmuser]

No Regulation, but certification & comparison

I don't feel that government regulation would greatly improve software, although it would push the price up significantly. Government regulations tend to adapt to markets over the course of decades, where as software can change drastically in year.

Also, software isn't a one size fits all product. How would you write a regulation that was equally sensible for a financial program, and a video game, and a quantum chemistry code, and a hardware device driver, and an air traffic control system, and a compiler, etc., etc....?

I am in favor of third party validation. You could have the Consumer Reports style rating for security or number/significance of bugs. You could have a ISO or 6 sigma style certification of software, testing practices, software developers, etc. Some of this exists in a sporadic case by case basis, but I think there is room for some organization to become the source that the majority of the industry looks to before making purchases.

One thing I greatly dislike. In my own industry (computational chemistry) I know of companies that have wording in the software license agreement forbidding the purchaser from publishing any type of comparison between their product and competing products. I'm not sure if this is even an enforceable clause (freedom of speach?). However, I feel that it is harmful to the consumers, the industry, and the software manufacturers themselves. If this is legal, I would like to see it made illegal. The software manufacturer is still protected from undeserved harmful reviews by libel and slander laws, so there should be no reason for them to object.

Businesses need to quit paying for bad software.

Buz Friendly had it partially right. Additionally, businesses need to quit accepting and paying for products that do not work properly. That is what a market based society is all about. As long as businesses continue to pay for indequate software they will get what they pay for.