Insecure at any bit rate: why Ralph Nader is the true OG of the software design industry

Abstract

ABSTRACTThe software design industry lacks standards for both code quality and security; as a result, code vulnerability at the time of a product’s release is often compromised at subsequent, critical junctures in its consumer-use phase. Exacerbating this problem is the fact that developers typically waive all liability for code errors and place the burden of security on unqualified, non-expert users. Although certain legal remedies exist in the US – often in the form of US Federal Trade Commission (FTC) enforcement actions classifying inadequate data security as an ‘unfair trade practice’ – they are limited in nature, infrequently utilised and are generally incapable of meaningfully protecting consumers. History has shown that other major technological advances, including developments in the aircraft and automotive industries, have occurred in similar unregulated manners, often resulting in negative and potentially dangerous outcomes for the public. To ensure the security of today’s software environment, change from within the industry – not unlike the Ralph Nader-inspired industry-wide automotive safety improvements in the 1970s – is necessary to create a shared liability model for software which protects users from poor development practices. Such a model, when coupled with certification standards and education, will result in a more secure software design industry.