Is it time for a 'lemon law' for insecure technology?

A reader makes an interesting suggestion about how to handle the software and hardware responsible for many of our security problems.

A reader, IT and security consultant Raj Goel, sent an interesting response to a post I wrote yesterday about vendors overplaying the hacktivist threat. He suggested faulty software and hardware are bigger threats than outside hacking groups will ever be, and that it's time for a "lemon law" for this particular scourge.

His comments, sent my way in a LinkedIn message:

Is it just me, or did the guys who compromised every security org on the planet (RSA, every AV and DLP vendor, Adobe, Java) just pull a magic trick and pass the blame onto nameless hacktivists? Long before I fear the hacktivists and cyber-criminals, I DREAD Adobe, Java and the 100% failure rate that is the anti-malware industry. What do you think it's going to take to get a LEMON LAW for software passed?

I found that interesting, and told him so. He then added:

I've been advocating for that since 2001. Why is it that when Toyota has a minor brake problem, they have to spend $2B to fix the problem, whereas, when flaws in Flash infect millions of PCs, Adobe is let off the hook? If food or drugs had a 30% failure rate, would we buy them? Would the FDA allow them to be sold? Nope, they wouldn't. And yet, what's the success rate for the BEST AV software? 71%.

I have no big points to add to the mix, other than that I agree there needs to be a bigger stick over the vendors' heads. Not that I think it's that simple. I also think that despite all the glitches we see daily, some of the big tech vendors -- Microsoft, Oracle and even Adobe -- have been working hard to improve the security of their products.

So tell me, readers: Is it time for a tech lemon law? Or is it an idea that is both oversimplified and unrealistic?
