University of Cambridge security researcher Dr. Richard Clayton has sparked a new debate by calling for developers to be held legally liable for preventable security problems in their software. Usually, End-User License Agreements (EULAs) require users to give up their rights to sue, but Clayton says legislators should outlaw such agreements. “It’s remarkable that of all the things that you could buy as a consumer, software is the one where you’re expected to make up your mind whether it’s dangerous,” Clayton said. “We’ve been saying for some years that what is required is to make people [developers] responsible for when they damage other people. If you went down to the corner of your street and started selling hamburgers to passers-by they can sue you [for any damage you cause].”
The idea has been brought up in the UK’s House of Lords and by the European Commission, but neither body has yet passed laws that would allow users to sue developers for security flaws.