Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Compromised machines liable for damage?

  • From: Owen DeLong
  • Date: Thu Dec 29 08:23:30 2005


--On December 29, 2005 5:51:04 AM -0500 Valdis.Kletnieks@vt.edu wrote:

> On Wed, 28 Dec 2005 13:20:51 PST, Owen DeLong said:
> 
>> Denying patches doesn't tend to injure the trespassing user so much as
>> it injures the others that get attacked by his compromised machine.
>> I think that is why many manufacturers release security patches to
>> anyone openly, while restricting other upgrades to registered users.
> 
> Color me cynical, but I thought the manufacturers did that because a
> security issue has the ability to convince non-customers that your
> product sucks, while other bugs and upgrades only convince the sheep that
> already bought the product that the product is getting Even
> Better!(tm).....

That could be a factor, but, I know first hand from the legal departments
of at least two software "manufacturers" that it was at least a factor
in the decision, and, they do have concerns about being liable for
damages caused by security flaws in their software.

Owen


-- 
If it wasn't crypto-signed, it probably didn't come from me.

Attachment: pgp00023.pgp
Description: PGP signature




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.