Flawed Software Liability Could Bring Changes In Software Industry

Veracode : 03 June, 2010  (Technical Article)
Veracode comments on recent UK court ruling that found a supplier of hotel management software liable for failings in the product
A UK court recently found a technology vendor liable for business failures caused by flawed hotel management software. Could this latest ruling signal growing momentum for holding independent software vendors (ISVs) accountable for application quality and reliability? In response, cloud-based application risk management company Veracode says ISVs must dramatically change their approach to assessing and proving software quality, or risk serious business consequences.

"This ruling sets an important precedent, demonstrating that ISVs are no longer protected by standard agreements that limit damages to the cost of the software itself. The damages caused by poorly developed applications and lax standards for third-party software are now being quantified in terms of negative business impact - potentially ambiguous but expensive territory," said Veracode CEO Matt Moynahan.

To help reduce the chances of business loss and expensive liability claims, Veracode suggests ISVs invest in security testing solutions that can quickly, accurately and cost-effectively identify potential software vulnerabilities before the software is deployed at a customer site. At the same time, enterprises should be empowered to request that ISVs produce documentation, or third-party proof, that their software has been evaluated, that potential risks have been remediated, and that the application is secure and reliable, with limited risks for exploitation.

"Rising concerns about liability and organizational responsibility for software quality have been increasingly prevalent in discussions we are having with ISVs, many of whom are understandably shaken by this UK ruling that could easily carry over to other geographies," continued Moynahan. "Accountability is quickly becoming a new watchword invoked by enterprises that are compelled to take more aggressive steps to protect themselves from ISVs that misrepresent their software or don't take necessary steps to ensure its quality."

To assist both suppliers and buyers of software, Veracode provides software vendors with a simple, affordable and accurate way to comply with industry security standards such as OWASP Top 10 and CWE/SANS Top 25. Based on breakthrough static binary analysis and dynamic web testing that enable the most complete, automated security testing available, Veracode's cloud-based service independently verifies the security posture of most applications within 24 hours without requiring any additional hardware, software or personnel. Once an application has been assessed, it can qualify for the VerAfied Security Mark and be included in the VerAfied Software Directory, visible indicators for ISV customers and auditors of application security due diligence and compliance.
   © 2012 ProSecurityZone.com