Message-ID: <Pine.BSI.4.05L.10304280002320.899-100000@yoshimo.webtechs.idg.nl>
From: msopacua at idg.nl (Melvyn Sopacua)
Subject: pissed off

On Mon, 28 Apr 2003, Steve Wray wrote:

SW>>> And the fact that software companies can get away with
SW>>> claiming to have no liability for the fitness of their products
SW>>> means that they can continue to produce and sell and make millions
SW>>> out of their defective products.

So this only applies to sold software? You mean, if a defective program
burns my CPUs, it didn't cost me anything?
Or with respect to Open Source (or even a paid source license):
the fact that the source is available to the end-user, implies the
end-user 'could have known' that this would happen?

SW>>> From the Unix Haters Handbook;
SW>>> 
SW>>> <quote>
SW>>> Real standards ... are for physical objects like steel beams: they let 
SW>>> designers order a part and incorporate it into their design with 
SW>>> foreknowledge of how it will perform under real-world conditions.

Letting users(tm) use software takes away any chances of accurately
assessing real-world conditions.

SW>>> "If a beam fails in service, then the builder's lawyers call the beam 
SW>>> maker's lawyers to discuss things like compensatory and punitive
SW>>> damages." 
SW>>> Apparently, the threat of liability keeps most companies honest; those 
SW>>> who aren't honest presumably get shut down soon enough.
SW>>> <end quote>
SW>>> 
SW>>> Somehow an entire industry has arisen with no concept of liability
SW>>> and, therefore, with no concept of honesty.

Too much of a longjmp(). The threat of liability, founded upon a belief
that mankind will do the right thing, will lead to honesty.
Threat of liability, founded upon the proven fact, that mankind is
capable of *not* doing the right thing, leads to cover-ups and enhanced
methods of cost/gain analysis (200 dead people * 1,5mln a pop = 300mln,
while redesigning a defective car and recollecting already produced, costs
400mln).

Anyway - to make this on topic again:
what is copyrightable about a vulnerability report and why should
violation of that copyright constitute legal action and possible
financial (or criminal?) repercussions?

-- 
With kind regards,

Melvyn Sopacua
<?php include("not_reflecting_employers_views.txt"); ?>

