Jim Rapoza at eWeek has astutely alerted his readers about the new, no-nonsense attitude taken by the prestigious Business Roundtable on software security. In effect, the Roundtable is saying that software vendors are primarily responsible for endemic software security problems. They don't name names, but clearly one vendor, Microsoft, has more revenues than its next 9 nearest competitors (IBM, SAP, Oracle, CA, SAS, Intuit, Symantec, Veritas Software, Adobe) combined, according to Software Magazine. So clearly Microsoft and all the other major vendors are on the line for the integrity and security of their software.
Or are they? I am not as sanguine as Jim (though big kudos to him for featuring the item) simply because the IT community has tolerated such poor quality from software vendors in the past, including in scalability, reliability and availability, and from the usual group of suspects and in revenue proportions (worst sinner = biggest revenues). So why should security be any different? What may add backbone to the Roundtable's declaration is fear of being sued by their customers as software and computing become so deeply embedded in how business is done day to day.