Sun's chief security officer last week said that vendors should bear legal responsibility for any security vulnerabilities found in their software, and should work harder to build more secure platforms and applications.. . .
Sun's chief security officer last week said that vendors should bear legal responsibility for any security vulnerabilities found in their software, and should work harder to build more secure platforms and applications.

"Currently, it's a case of saying to firms, 'You pay, we promise you nothing, have fun.' But we need to put in place legal targets, perhaps for 2010 or 2015, and improve our methodology to provide much higher security standards if we are to accept liability," said Whitfield Diffie, Sun Microsystems chief security officer, speaking at the Information Security Solutions Europe (ISSE) event in Vienna last week.

The call comes as a group of US users are proposing a class-action lawsuit against Microsoft because of Windows' vulnerability to computer viruses, which they claim could trigger "massive cascading failures" in global computer networks.

Other experts at the event said that IT buyers share some responsibility for the increase in attacks via the internet. "Security has not had a big space in large companies in 2002 because it is difficult to make a clear business case to the chief finance officer for security, and that has to change," commented Michael Niebel, director general of the European Commission's information society, responsible for co-ordinating data security initiatives.

The link for this article located at vnunet is no longer available.