[Owasp-leaders] EU Cybersecurity plan to protect open internet and online freedom and opportunity

Dennis Groves dennis.groves at owasp.org
Sat Feb 9 12:36:58 UTC 2013

On 9 Feb 2013, at 11:36, Eoin wrote:

> There is a fatal flaw here (I think)
> If the code that makes code (IDE, jvm, clr, framework, library etc) is 
> flawed is the developer liable?
> If we are building on weak foundations how do we start pointing the 
> finger?
> If the DNA is flawed we can't blame the genetic architect :)

Great points that remind me of the paper by Ken Thompson [Reflections on 
Trusting Trust](http://cm.bell-labs.com/who/ken/trust.html).

However, the line should not be black and white either, so that even if 
we could point the finger directly at the author of the code; how do we 
determine the threshold of the liability? So, if the software bug is 
minor say $100, clearly the infraction would cost more to litigate and 
police than the infraction itself. So, there will not be liability, 
however if somebody were to die because of software that somebody wrote; 
perhaps their should be liability just on principle, we can not make 
murder by software legal after all…


[Dennis Groves](http://about.me/dennis.groves), MSc
[Email me](mailto:dennis.groves at owasp.org) or [schedule a 

*This email is licensed under a [CC BY-ND 
3.0](http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB) license.*

**Please do not send me Microsoft Office/Apple iWork documents.**
Send [OpenDocument](http://fsf.org/campaigns/opendocument/) instead!
Stand up for your freedom to install [free 

> The idea that some lives matter less is the root of all that’s wrong 
> with the world. -- Paul Farmer

More information about the OWASP-Leaders mailing list