A reader, IT and security consultant Raj Goel, sent an interesting response to a post I wrote yesterday about vendors overplaying the hacktivist threat. He suggested faulty software and hardware are bigger threats than outside hacking groups will ever be, and that it's time for a "lemon law" for this particular scourge.
His comments, sent my way in a LinkedIn message:
Is it just me or did the guys who compromised every security org on the planet (RSA, every AV and DLP vendor, Adobe, Java) just pulled a magic trick and passed the blame onto nameless hacktivists? Long before I fear the hacktivists and cyber-criminals, I DREAD Adobe, Java and the 100% failure rate that is the anti-malware industry. What do you think it's going to take to get a LEMON LAW for software passed?
I found that interesting, and told him so. He then added:
I've been advocating for that since 2001. Why is that when Toyota has a minor brake problem, they have to spend $2B to fix the problem, whereas, when flaws in Flash infect millions of PCs, Adobe is left off the hook? If food or drugs had a 30% failure rate, would we buy them? Would the FDA allow them to be sold? Nope, they wouldn't. And yet, what's the success rate for the BEST AV software? 71%.
I have no big points to add to the mix, other than that I agree there needs to be a bigger stick over the vendors' heads. Not that I think it's that simple. I also think that despite all the glitches we see daily, some of the big tech vendors -- Microsoft, Oracle and even Adobe -- have been working hard to improve the security of their products.
So tell me, readers? Is it time for a tech lemon law? Or is it an idea both oversimplified and unrealistic?