Time for software liability...
This is one reason why I am a FOSS fanboi. Not because it is more secure, but because it *can* be secured in a reasonable time.
If you sell me a binary blob, the company is liable for security.
If I have the source code, I at least have the choice to PAY for security. Of course,
If the liability for bad and accidental security flaws (I believe there is a distinction) were more significant, perhaps more resources would be spent to actually check code?
Does this sound workable?
P.