North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Re: product liability (was 'we should all be uncomfortable with the extent to which luck..')
- From: William Allen Simpson
- Date: Wed Jul 25 10:08:11 2001
Roeland Meyer wrote:
> > From: William Allen Simpson [mailto:email@example.com]
> > A check in the mail would be a better incentive to
> > administrators than "automatic" updates.
> Now *there's* a thought. However, all software companies carry product
> liability insurance. It's sometimes called a shrink-wrap license. You might
> actually try reading it the next time you purchase and install software.
I'm not a party to the EULA.
For the sake of argument, ISPs are the party that the SUV hit when it
rolled over after the tires exploded....
(actually, because of our proactive action and filtering, we had
exactly zero customers that were still infected by Jul 20th. But we
had to spend the manpower and technical support -- that's worth
Also, you may have noticed that shrink-wrap licenses are valid in only
two places: Washington (state) and Virginia. This would be a Federal
Joe Shaw wrote:
> And with this latest threat of code red, Microsoft would have been covered
> anyway, because a patch for this exploit existed well before CodeRed hit.
> They released a patch for the indexing server on June 18, 2001, which as
> you know is a full month before CodeRed. So, people had a MONTH to
> prepare for something like this, and it's a sad statement that they did
Actually, although the patch was released, M$ lied, saying it was only
needed by web servers. We have since learned that *ALL* W2K and XP
systems were vulnerable. Fraud and misrepresentation?
> human somewhere wrote some bad code. It happens, and continues to happen
> on a daily basis.
It's long past time that humans were held accountable.
Funny, the engine electronics in my car doesn't seem to be vulnerable
to these failures.... Maybe it's the extensive (years) of testing and
Why should I have to pay for the desire of M$ to be "first to market",
or more usually, "last to market but cheaper".
There is no other industry where such bad practices would be
acceptable. It shouldn't be in ours, either!
> Security requires vigilence, and there seems to be too little of it out in
> the world.
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32