BitArmor's No-Breach Guarantee
BitArmor now comes with a security guarantee. They even use me to tout it:
“We think this guarantee is going to encourage others to offer similar ones. Bruce Schneier has been calling on the industry to do something like this for a long time,” he [BitArmor’s CEO] says.
Sounds good, until you read the fine print:
If your company has to publicly report a breach while your data is protected by BitArmor, we’ll refund the purchase price of your software. It’s that simple. No gimmicks, no hassles.
[…]
BitArmor cannot be held accountable for data breaches, publicly or otherwise.
So if BitArmor fails and someone steals your data, and then you get ridiculed in the press, sued, and lose your customers to competitors—BitArmor will refund the purchase price.
Bottom line: PR gimmick, nothing more.
Yes, I think that software vendors need to accept liability for their products, and that we won’t see real improvements in security until then. But it has to be real liability, not this sort of token liability. And it won’t happen without the insurance companies; that’s the industry that knows how to buy and sell liability.
EDITED TO ADD (2/13): BitArmor responds.
HJohn • January 23, 2009 10:50 AM
Let me see if I have this straight…
If our software fails, we’ll give you back your money, but we’re not liable. So, they never really lose money, at worst they break even.
Sounds like a great guarantee–for BitArmor’s profits.