I am a web developer and have a contract for client-based projects that has been improved over years and many projects.
However, after reading it this month, I think that the section that protects me from security breaches from nefarious activity should be upgraded and written with standards from the legal industry.
As per the comment by PatW: The question is more clearly defined as "what legal verbiage should be included in the section of a software development contract to fully protect a developer against hacks, security breaches or any nefarious activity?" Any terms, language or examples are appreciated.
Here is an excerpt as an example:
Security and Data Protection
Web Designer is not responsible for the security of any and all web, data, code and digital information. Client acknowledges that no security components in whole or in part have been negotiated to fulfill and that only the most basic security precaution, one password protected login page, will be applied to said web project. All other cyber security practices are out of scope of this contract and all of its attached documents. Client acknowledges that nefarious users will attack said web project and that this form of activity is commonplace within the online space. Client acknowledges that Web Designer holds no responsibility for such actions of these individuals being persons or software (bots).
Client acknowledges that Web Designer is not responsible for any and all backup, security, administration and health of data and files. And that no party has been defined as responsible for the web project's data status, regular backups, storage or datable health of any kind during or after contractual agreements are fulfilled.