Open Source and information security mailing list archives
From: jenbradley at webmail.co.za (Jennifer Bradley)
Subject: DCOM RPC exploit (dcom.c)

On Sun, 27 Jul 2003 16:38:15 -0400 Justin Shin (zorkshin@...pabay.rr.com) wrote:
>
>Also, I think it is time to sue corporations that sell
>buggy/vulnerable software AND make little effort to make
>people aware of the problems. Microsoft is improving,
>actually, but in my opinion they should make security
>updates mandatory when connected to the net. Also, I should
>say that no one can sue the ASF (apache software foundation)
>for vulnerable software because it is free! It is like getting
>a free doorlock from a guy on the street, applying it to your door,
>and suing the guy because someone broke in.
>

Sorry, but the situation that you just described above does not exist!! You can't sue one company because they make money off a product and not another company because it's for free! The whole issue is whether or not a company can give out software without warranties or liabilities.

What people in this thread are asking for is the ability to sue software companies if they suffer a loss due to bugs in the software. It doesn't, and shouldn't, matter how much money you make from it, because from a *legal* standpoint, it *doesn't* matter! If someone was handing out free food, and if it got people sick, would that person be liable? Of course they would! The American Red Cross was sued for giving out free blood that was tainted with AIDS, hepatitis C, etc.

It is insane to think that a law could or would be crafted that would make commercial companies liable for software bugs and non-commercial companies non-liable. What about commercial companies that distribute the code, like Red Hat, or companies that offer their code for free and then charge for support, like JBoss or MySQL? What about small commercial startups that couldn't afford the legal insurance?

What would happen to blossoming security researchers like our poor morning_wood if someone turned around and sued him for his XSS bug on his web site? (sorry, couldn't resist!! :)). Should we change this magical law so that it only affects companies that reach a certain revenue level?

Any laws that would make software companies liable for bugs would be almost as bad as the software patent situation in the US and potentially in Europe... :( The last thing we need is more laws and more lawyers to make this environment worse than it already is! Plz, no more lawyers!!!

jb