Difference between revisions of "Responsibility"
(→Updating software) |
(→Updating software) |
||
| Line 20: | Line 20: | ||
==Deployed Systems== | ==Deployed Systems== | ||
===Updating software=== | ===Updating software=== | ||
| − | A debate has been raging (in 2023) about whether the owner should be responsible for updates. An argument has been made the the manufacturer should bear full responsibility for failures and would then be incentivized to make the software better. For an extreme example see [[Code of Hammurabi]]. But if there were unlimited liability by the manufacture there would very few of them in business. ... For a selling party to assume liability for a defect found in a product, in the U.S. Uniform Commercial Code the product has to be considered "tangible"—and the UCC says software is still considered to be "a general intangible."<ref>Drug and Device Law. New Decision Directly Addresses the "Is Software a Product" Question. (May 2, 2022); https://bit.ly/3JrKZnE</ref> In an odd way, this actually makes sense. Engineering disciplines only exist in tangible areas, such as civil, chemical, mechanical, and electrical engineering where tables of materials strengths and properties can be created and regulations can be created around acceptable safety margins based on intended use. No such tables exist for software, and none have shown a sign of emerging over the past 20 years.<ref>Steve Lipner +1, ''Updates, Threats, and Risk Management'' (2023-05) '''CACM 66''' No. 5 p. 21-23</ref> | + | A debate has been raging (in 2023) about whether the owner should be responsible for updates. An argument has been made the the manufacturer should bear full responsibility for failures and would then be incentivized to make the software better. For an extreme example see [[Code of Hammurabi]]. But "if there were unlimited liability by the manufacture there would very few of them in business. ... For a selling party to assume liability for a defect found in a product, in the U.S. Uniform Commercial Code the product has to be considered "tangible"—and the UCC says software is still considered to be "a general intangible."<ref>Drug and Device Law. New Decision Directly Addresses the "Is Software a Product" Question. (May 2, 2022); https://bit.ly/3JrKZnE</ref> In an odd way, this actually makes sense. Engineering disciplines only exist in tangible areas, such as civil, chemical, mechanical, and electrical engineering where tables of materials strengths and properties can be created and regulations can be created around acceptable safety margins based on intended use. No such tables exist for software, and none have shown a sign of emerging over the past 20 years."<ref>Steve Lipner +1, ''Updates, Threats, and Risk Management'' (2023-05) '''CACM 66''' No. 5 p. 21-23</ref> |
==References== | ==References== | ||
[[Category: Glossary]] | [[Category: Glossary]] | ||
Revision as of 17:21, 26 May 2023
Contents
Full Title or Meme
The state or fact of being accountable or to blame for something.
The opportunity or ability to act independently and make decisions without authorization.
Context
In Identity and Access Management Responsibility is a topic of major concern. Who, exactly, should be responsible for acts taken to identify the person who has Authorization to act?
- Issuer of an Identity Credential
- Holder of an Identity Credential
- Verifier of an Identity Credential
In computer software and hardware deployment who should be responsible for failures of the the deployment?
- The manufacturer
- The installer
- The Owner
Authorization
Deployed Systems
Updating software
A debate has been raging (in 2023) about whether the owner should be responsible for updates. An argument has been made the the manufacturer should bear full responsibility for failures and would then be incentivized to make the software better. For an extreme example see Code of Hammurabi. But "if there were unlimited liability by the manufacture there would very few of them in business. ... For a selling party to assume liability for a defect found in a product, in the U.S. Uniform Commercial Code the product has to be considered "tangible"—and the UCC says software is still considered to be "a general intangible."[1] In an odd way, this actually makes sense. Engineering disciplines only exist in tangible areas, such as civil, chemical, mechanical, and electrical engineering where tables of materials strengths and properties can be created and regulations can be created around acceptable safety margins based on intended use. No such tables exist for software, and none have shown a sign of emerging over the past 20 years."[2]
References
- ↑ Drug and Device Law. New Decision Directly Addresses the "Is Software a Product" Question. (May 2, 2022); https://bit.ly/3JrKZnE
- ↑ Steve Lipner +1, Updates, Threats, and Risk Management (2023-05) CACM 66 No. 5 p. 21-23
