The computer security fiasco continues, followed by the wailing and the "someone must do something" line.
We've had over twenty years to do the simple needed things:
- Make anyone who sells software, or provides a paid service which includes software for free, responsible for it being fit for purpose.
- Stop software and service companies being able to do an end run around the law and exclude negligence.
- Actually make some of the higher levels of software a proper professional body. We don't want to allow bunches of low-paid outsourced programmers to design the equivalent of major road bridges - we should require that a chartered engineer of some kind has their signature on it, with sanctions from a professional body for not doing their job.
It's even sadder that when these suggestions get put forward, lots of big software companies fight against them - because it's "risk", and they don't get hacked, because they are about the only people who can hope to figure out what is secure code and what is complete shite.
Much of the technology exists nowadays to do the job right; it just needs the right pressures to be exerted.