by buscoquadnary 1596 days ago
All software has bugs; some of those bugs will necessarily lead to security issues. The German government can't investigate every product out there, so this will either be a reactionary-only measure that does nothing but cause organizations to simply try and hide what they are doing from the German government, or, more chillingly, it becomes selectively enforced to punish the politically unpopular and reward the politically favored.
4 comments

Note that this is only about known and disclosed security vulnerabilities.

It will not be enforced by an overworked regulatory body, but by customers suing software companies.

No reason for the government to investigate proactively (as long as the government was not affected).

Same thing applies to surprise visits from regulation authorities to all kinds of businesses, nothing special about software shops.

That's exactly the same as what was said for the GDPR... and no one will deny that the GDPR was effective in forcing the industry to adhere to at least some common sense standards.

And yes, part of both the GDPR and the CCC proposal is effectively weeding out those whose business model is solely to undercut legitimate competition by putting their customers at risk of losing control of their data or of wasting money on products that are effectively a danger to their data sometimes not even a year after they were bought (looking at you here, cheap-ass Android phones).

> and no one will deny that the GDPR was not effective in forcing the industry to adhere to at least some common sense standards.

I suspect that this is intended to be a single rather than double negative, or did you mean to assert that GDPR was universally recognized as a complete failure at limiting bad behavior?

Or, software sold in Germany will cost $X more where X is the actuarial cost needed to offset the liability risk.