Open Source and information security mailing list archives
Message-ID: <NMRC.666.6.66.0208241711250.16826-100000@www.nmrc.org>
From: hellnbak at nmrc.org (hellNbak)
Subject: Re: HP Full Disclosure Story

On Sat, 24 Aug 2002, Georgi Guninski wrote:

> Just take a look at real world.
> When you buy a beer or a car and then find a bug in it, you may disclose
> the bug as you wish. (As bonus, both beer and cars come with warranties,
> unlike warez).
>
> So what makes beer and cars so different than warez?

If I purchase a car and find that it has multiple problems, I am by law allowed to turn it back into the dealer and get either my money back or a new car. If the dealer refuses, I call my lawyer and sue them. SO WHY CAN'T WE SUE SOFTWARE VENDORS?!?!?!?

But, let's say I buy a car and it only has one problem, let's say that the problem is major enough that it is going to take 10 days to be fixed, do I call my lawyer and sue? Of course not, I leave my car with the dealer and patiently wait for him to fix it.

What I am trying to get at here is while I think we should be able to sue software vendors we also hold the responsibility to inform the vendor of a problem and see to it that the problem gets fixed. If the vendor says they need 10 days -- give them 10 days. If after 10 days they haven't done anything -- disclose (call the lawyers..).

To me it's real simple.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
"I don't intend to offend, I offend with my intent"

hellNbak@...c.org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-