Full Disclosure mailing list archives
Re: Vulnerability Disclosure Debate
From: "Matthew Murphy" <mattmurphy () kc rr com>
Date: Thu, 7 Aug 2003 19:46:27 -0500
"Jason Coombs" writes:
Had the distribution binaries been modified, ISS may well have been bankrupted by customer lawsuits for negligence.
Perhaps you could cite a legal case somewhere in the world that backs up this assertion. To my knowledge nobody has ever lost a penny in court due to this type of infosec penetration.
I don't think we've ever *had* this type of infosec penetration. If my box gets hacked because I missed a patch, and you download compromised code, I can say "oops, I screwed up, but look at my disclaimer". Many software companies write things that say something to the effect of "if you suffer any damage because of your use of my code, you can't hold me responsible". However, it could conceivably be argued that because the *intentional insecurity* of the author's site was to blame, that the limitation of accidental or end-user damage is moot. I don't really specialize in legal, just a thought though. Perhaps I just *wanted* to see ISS put out of business. <g>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html