This is a pretty insightful piece from Bruce Schneier. It can be summarized as: “We’re not paying to improve the security […] We’re paying to deal with the problem rather than to fix it.”
Basically, the idea is that security will be much improved if vendors are liable for their software insecurities (unlike now). However, some say that it will break the open-source movement. Thoughts?