From: jenbradley at webmail.co.za (Jennifer Bradley)
Subject: DCOM RPC exploit  (dcom.c)


On Sun, 27 Jul 2003 16:38:15 -0400 Justin Shin
(zorkshin@...pabay.rr.com) wrote:
>
>Also, I think it is time to sue corporations that sell
>buggy/vulnerable software AND make little effort to make
>people aware of the problems. Microsoft is improving,
>actually, but in my opinion they should make security
>updates mandatory when connected to the net. Also, I should
>say that no one can sue the ASF (apache software foundation)
>for vulnerable software because it is free! It is like getting
>a free doorlock from a guy on the street, applying it to your door,
>and suing the guy because someone broke in.
>

Sorry, but the situation that you just described above does not
exist!!  You can't sue one company because they make money off a
product and not another company because it's for free!

The whole issue is whether or not a company can give out software
without warranties or liabilities.  What people in this thread are
asking for is the ability to sue software companies if they suffer a
loss due to bugs in the software.  It doesn't, and shouldn't, matter
how much money you make from it, because from a *legal* standpoint, it
*doesn't* matter!

If someone was handing out free food, and it got people sick, would
that person be liable?  Of course they would!  The American Red Cross
was sued for giving out free blood that was tainted with AIDS,
hepatitis C, etc.

It is insane to think that a law could or would be crafted that would
make commercial companies liable for software bugs and non-commercial
companies non-liable.  What about commercial companies that distribute
the code, like Red Hat, or companies that offer their code for free and
then charge for support, like JBoss or MySQL?  What about small commercial
startups that couldn't afford the legal insurance?  What would happen
to blossoming security researchers like our poor morning_wood if
someone turned around and sued him for his XSS bug on his web site?
(sorry, couldn't resist!! :)).  Should we change this magical law so
that it only affects companies that reach a certain revenue level?

Any laws that would make software companies liable for bugs would be
almost as bad as the software patent situation in the US and
potentially in Europe... :(  The last thing we need is more laws and
more lawyers to make this environment worse than it already is!  Plz,
no more lawyers!!!

jb