Virtually everything we do to help secure applications is extraordinary; it's hard to suggest that a standard of care over security that isn't even consistently practiced by banks and by the military could bind on the developers of photo sharing applications.
Providers are held to a higher standard because the means of securing their product/service are within their control.
The standard of care is very context-specific. Photo sharing applications will not be held to the same standards as banks or the military any more than mom-and-pop delis are held to the same security standards as JFK airport or Dodgers stadium.
This is all not to mention the explicit waiver of liability that accompanies virtually every product or software service offered in the US.
This is why liability waivers are now standard issue, so that liability for simple negligence is no longer an issue. But note that such waivers do not absolve the developer of liability for gross (i.e., intentional or pervasive) negligence.
I understand what you're saying but feel like I must be writing unclearly, because I'm not suggesting that photo sharing apps should be held to the same standard of care as banks, or even that anyone advocating liability believes they will be. What I'm saying is that the standard of care most generalist software developers consider when they think about liability is, contrary to expectations, a standard not consistently applied even in sensitive industries that are intrinsically and demonstrably motivated to defend against security flaws even in the absence of meaningful regulations.
Okay, so that standard is not currently applied as one would expect. That doesn't necessarily mean it couldn't be so applied. I think the question here is, how much more expensive is software development when held to this standard?
I don't propose an answer -- I'm curious what you think.