North American Network Operators Group|
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
RE: Compromised machines liable for damage?
- From: David Schwartz
- Date: Wed Dec 28 17:57:43 2005
> There have been successful cases for pedestrians that used a train
> trestle as a walk-way, where warnings were clearly displayed, and a
> fence had been put in place, but the railroad failed to ensure repair
> of the fence. The warning sign was not considered adequate. Would
> this relate to trespassers that use an invalid copy of an OS refused
> patches? Would this be similar to not repairing the fence? Clearly
> the pedestrians are trespassing, nevertheless the railroad remains
> responsible for the safety of their enterprise.
There is a huge difference that everyone seems to keep ignoring. Most of
the defective software issues we're talking about here cause no damage until
a knowledgeable person with malicious intent knows the 'defect',
specifically intends to cause harm with it, and uses the defect specifically
to cause that harm. This, unfortunately, makes it more analogous to the
'defect' in a gun that a criminal can use it to do harm just as an honest
person can use it to prevent harm.
Of course, it also makes it analogous to a gun that, when you point it at a
criminal, the criminal can make it blow up in your hands.