Feds reject secure software submission

The Federal Government has rejected a submission from industry seeking tougher laws to penalise vendors for selling software that is not up to scratch.

Internet law specialists Deacons Lawyers prepared the submission that aims to lift IT industry standards and improve software quality by making vendors more liable for vulnerabilities.

It was presented to the National Office for the Information Economy (NOIE), the Federal Attorney General Daryl Williams and IT Minister Richard Alston in March, but the law firm is still awaiting a reply six months later.

Deacons Lawyer Leif Gammertsfelder said there is little interest from the Government because of "political sensitivities surrounding the issue".

He said feedback has been "very cold" but Gammertsfelder has plans to raise the issue at a meeting with NOIE this week.

Gammertsfelder said fines could be introduced under the Trade Practices Act forcing vendors to prove they have taken "reasonable steps" to ensure products are of a minimum standard.

"Instead of getting caught up in IT technicalities, laws will put broad processes in place which form the key tenets in every standard around the globe," he said.

Gammertsfelder accused the Government of abdicating responsibility, adding "We have laws for fence heights and dog ownership."

A NOIE spokeswoman said the federal body was "unable to comment".

US considering terrorism liability protection

Congress in the US is moving closer to limiting the liability of IT vendors that sell to federal, state and local governments by allowing Uncle Sam to insure systems that fail to stop terrorists from causing havoc.

The latest effort to limit vendor liability came in legislation introduced by two top Republicans, offered as an amendment to the Senate's version of a bill authorising the creation of a US Department of Homeland Security.

If approved, the amendment would pave the way for the US government to pay liability damages beyond what private insurance covers for companies that the president designates as makers of products related to national security.

But critics of the Senate amendment warned that if the liability protections are too broad and include commercial software that's in wide use, corporate users may ultimately pay a price in the form of lower-quality products and tougher contract negotiations.

The legislation is also stirring new debate on a long-standing and contentious issue: would software quality improve if vendors were held liable for vulnerabilities?

Leon Kappleman, director of the Information Systems Research Centre at the University of North Texas, said: "It's Congress that says we must have more secure systems, and now they're going to be the insurance company for the vendors, too? It's a dangerous place to be."

The amendment wouldn't directly affect commercial contracts, but legal experts said it could still impact corporate users. Vendors might use a federal indemnification status to argue for liability limits on private-sector contracts, said Christopher Wolf, an attorney at law firm Proskauer Rose's Washington office.

If liability protections were extended to products such as firewalls and routers, "that would be a horrible thing", said Jerry Brady, chief technology officer at security software vendor Guardent. "That would certainly reduce the last bit of reasoning for producing quality products in that space," he said. -- Patrick Thibodeau.
