Mariela Gunn
Sue Companies, Not Coders
A former U.S. cybersecurity czar now advocates holding programmers liable for the security holes in their code. He's soooo close to getting it right. Commentary by Bruce Schneier. [Security Blanket]
It seems like in recent weeks we have seen several high-profile cases in which large technology corporations have come under fire for the development of faulty hardware and programs. In this article, Bruce Schneier gives several interesting reasons why and also offers up some good solutions. I think his most interesting point is, “the problem with this analysis is that most of the costs of insecure software fall on the users. In economics, this is known as an externality: an effect of a decision not borne by the decision maker.” He also states early in the article, “Companies find that it's cheaper to weather the occasional press storm, spend money on PR campaigns touting good security, and fix public problems after the fact than to design security right from the beginning.” It’s tragic, but it seems to be very, very accurate. In the end, Schneier states that it's more effective to sue the companies that are producing and marketing the insufficient programs, and that doing so will fix the problem of “externality” he talks about. If you’ve been keeping up with the Sony RootKit case and the Black Hat Bug, this is a good article to check out.
