Message-ID: <200307271627.h6RGRd1A009400@mailgate.mailbox.co.za>
From: jenbradley at webmail.co.za (Jennifer Bradley)
Subject: DCOM RPC exploit  (dcom.c)

Having vendors liable for software bugs is the worst thing in the
world for software!

I'm just a newbie to programming and security... but imagine all the
small software shops/startups and open source projects that would be
closed because people are too afraid of being sued!!  Especially when
you're a small shop trying to get up on their feet in the market, one
angry large customer that sues you because your product went down will
kill the entire company.  I just don't think that's right!  If
individual programmers to open source projects become targets of
lawsuits because they wrote a bug, imagine how many people will
continue contributing to Linux, Apache, or any other project?

I think that's just playing into the hands of the larger, more
established companies like Microsoft, Oracle, etc. because they can
afford to take hits or they have the lawyers to protect themselves.

As well, this would probably wipe out software security firms as well,
because they could be sued for releasing software or information that
exploited vulnerabilities, if it leads to appreciable monetary losses
due to the release of this information.

As a rule of thumb, I think it's always better to keep the lawyers out
of everything!! ;)

jb

On Sun, 27 Jul 2003 10:49:40 -0400 (Eastern Daylight Time) Chris Paget
(chrisp@...software.com) wrote:

>
>On Sun, 27 Jul 2003, Georgi Guninski wrote:
>
>> IMHO releasing the exploit is ethical and legal.
>> The root of the problem is m$, they should take responsibility for
>> the worms.
>
>I agree completely that maybe the best way to stop all this is to make vendors
>liable for flaws in their products.  I heard rumours that this was being
>considered in the US - anyone know what the score is?
>
>Considering that worms are now starting to have real-world consequences when
>they DoS the net, it's a lot easier to start saying that a security flaw is
>causing direct, tangible, monetary loss to people affected.  Surely this should
>make it easier for those who want to see vendors take responsibility for the
>code they churn out?
>
>Chris