>I agree. I don't see how one can expect the developers to be held PERSONALLY responsible for the security of the code they write. Obviously the developer needs to do the best he/she can - but this "lets stick it to the developers" attitue is ridicilous. One thing I did when I started consulting was to get a Sub S corp so that if anyone ever tried to sue me, they couldnt attack me personally, only my corp. ...so I'm not quite sure what this guy is suggesting here - but I don't see it every happening. If I thought that Time Warner could sue me peronally because of some security flaw in my application that was exposed a year down the line by some inventive hacker - I never would of written a single byte of code.
>And what about all the outsourcing biz? They gonna try to sue someone over in India or what?

To me, this looks suspiciously like someone is trying to put himself in the news. More or less similar to: "Let's attack the Harry Potter books, because they teach the children magic, and are therefore un-Christian", or something to the effect. In both cases, the person involved got what he wanted: appear in the news.