Full Disclosure mailing list archives
RE: Bill Gates blames the victim
From: "C. David Wilde" <cdw () mylinuxguy com>
Date: 03 Sep 2003 10:10:56 -0700
On Wed, 2003-09-03 at 09:02, Robert Ahnemann wrote:
> "Richard M. Smith" <rms () computerbytesman com> writes (quotes):
>
> ;; Q. "The buffer overrun flaw that made the Blaster worm
> ;; possible was specifically targeted in your code reviews
> ;; last year. Do you understand why the flaw that led to
> ;; Blaster escaped your detection?"
> ;;
> ;; A. "Understand there have actually been fixes for all of
> ;; these things before the attack took place. The challenge
> ;; is that we've got to get the fixes to be automatically
> ;; applied without our customers having to make a special
> ;; effort."
>
> "Don't trust our software. But do trust our patching/update process..."
>
> Don't trust software but trust our software patches... We can continue the sentence by adding that the special effort is needed because new bugs are generated by these patches.
>
> Let's relate this to real life (flame that line if you want). Your car has a defect that causes the oil pan to leak. Ford (I drive one, I can talk) issues a recall saying they know about the leak and are offering you a free fix, if you would just take the time to take the car to the shop. You decide that you know better and that you would rather not invest the time. Your engine is lying on the ground three weeks later. Whose fault is it? They told you it was a problem. You neglected to address it. I can tell you who will be paying for the engine. Today's society is about dissolving accountability. I'm all for changing this around.
While I agree with that argument to a point, I've had several parts on several vehicles recalled, Ford does still hold some responsibility as to the quality of the car that they released. Take the Pinto for example, since we're talking about Ford, Ford released a faulty product that caused injury and death to some of their consumers, and they had to pay for that mistake. A company is liable for the damage that its product causes, even if they issue a recall or a fix. I think that this issue is a little different, system admins have a responsibility and an obligation to patch their systems and it's their fault if they get rooted, but the software vendor also must share in that responsibility. If Ford, or any car manufacturer for that matter, had been allowed to escape punishment for some of the damage that they caused by selling a faulty product then we could all be driving cars that explode when rear-ended. If a company is hit where it hurts because they messed up then they will be that much more careful the next time around to release a product that is safer/better.

My second point is that in the car business certain models of cars can be declared a Lemon if a certain percentage of that model is deemed faulty. Consumers are entitled to compensation for Lemon cars, why are they not compensated for Lemon software? Microsoft has a well established track record of releasing insecure and buggy software, many software companies that we rely on also share that track record. I for one believe that it's time we start exposing and punishing those companies for not keeping the wellbeing of their consumers in mind while creating their products. Other industries have that burden, why should software be exempt? I hold Microsoft especially accountable for this because through their business practices they have maneuvered themselves into nearly every industry in one form or another. Their software, whether we like it or not, affects a great majority of the world's population on a daily basis, and for them to blame the consumer is utterly ridiculous. Automatic patching is not the answer either, creating a product that can withstand the test of time and pressure is. That's why I drive a 1963 Pontiac :)
(forgot to send to the list poo)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html