commentary Have you ever written buggy code or code that is not 100 percent safe? Go directly to jail, do not pass go, do not collect $200.

This could be the very real future of software development if security expert Howard Schmidt’s comments are taken on board by legislators in Australia and overseas.

Schmidt’s comments, made at a security conference in London this week, indicated that software developers should be personally accountable for the code they write. The former White House cybersecurity advisor added it was imperative companies employ developers with relevant security qualifications.

While the majority of Schmidt’s comments were fair and common sense, it is quite clear that fear of litigation, or simply requiring people to have a piece of paper with a qualification is hardly going to help the world of software engineering.

There are many factors that can go wrong in a project that could lead to security holes or bugs including poor testing, lack of resources, poor communication, bad management, poor development methodologies, unrealistic development times, and the use of complicated development tools.

This doesn’t even touch on whether the platform, operating system, browser or any other third-party software used to deliver the application is in itself secure. Nor does it touch on the fact that software development is a dynamic environment. New techniques for cracking software are always being created, and what software is originally written for isn’t always what it ends up being used for in production or when updates to software are made.

How many lines of code would you write if you were to be personally accountable? There is only so much bulletproofing one developer can do.

Schmidt’s proposal is simply unrealistic and could be extremely harmful to an already struggling industry. It would drive up the cost of software development, drive away students interested in software development, and create a lower supply of workers (meaning higher wages?).

If there needs to be accountability or blame for security holes or bugs in software it should lie on the company developers work for. Companies that have hired and trained the developers in the first place, companies that have the power to fire poor performing employees, companies that sell the software developers create, companies that have indemnity insurance against any such legal action.

Who do you think of Howard Schmidt’s comments? Drop me a line at