When software companies publish or manufacture a defective product, the losses from a security breach resulting from that defective product can reach the millions of $US, and in rare cases, billions of dollars. Presently, the purchaser/consumer of that product bears the entire burden of those losses. This means that if Microsoft turns out a defective Internet Explorer (IE) that is then exploited to steal your bank account, the loss is borne by you and you have no recourse for compensation from Microsoft (although you may have recourse from the bank).
When other manufacturers produce a defective product, the purchasers/consumers are usually reimbursed for the losses that they incur from the defect in the product. For instance, if an automobile manufacturer produces an unsafe car that injures the purchaser/consumer or others, the automobile companies generally are held liable for the loss in the courts of law (note the Ford Pinto and Explorer models that cost Ford Motor Co hundreds of millions of U.S. dollars). Without delving too deep into the legal theory, automobile manufacturers and others are held to a standard of "strict liability". This means that a manufacturer can be held legally liable for any product that was sold in a "defective or unreasonably dangerous condition". As a result, automobile companies strive to produce safer and safer automobiles to avoid these potential legal liabilities. The same can be said for nearly every other industry that produces a product. They are held legally liable for losses due to defects in their products.
Bruce Schneier, the noted cryptographer, author and commentator on information security, has suggested that if software companies were held liable for the losses attributable to defects in their products, software would become more secure and much safer. He reasons that software companies would then be more careful not to release new products before they are ready, instead of letting the chips fall on the consumer when those products prove defective. He also reasons that if they were held legally liable, these software companies would likely begin to purchase liability insurance against such losses, just as automobile manufacturers insure against defects in their products. In turn, the insurance companies would enact strict standards on software safety to avoid losses. The end result, according to Schneier, would be safer and more secure software with fewer security breaches.
Do you think that software developers/publishers should be held liable for defects in their products that lead to financial losses just like every other manufacturer or do they deserve special treatment?