Full Disclosure mailing list archives

Re: security related contract


From: Eric Scher <ericscher () mac com>
Date: Thu, 05 Feb 2004 09:29:42 -0500

==========================================================================
 ~ "One of our customers asked us for a machine that would
ensure their local network security. Our commercial representative came
and asked if I had a solution for them. {blah, blah, blah...}, asked what 
guarantees could I offer and if I had a sample contract for such services. 
Now my fellow posters, I ask for thy help. Could anyone help me with such
a contract? ~
===========================================================================

You may not be old enough to remember Western Union Telegrams, but on the back of the form, if you read the contract, 
they were basically agreeing to ATTEMPT to deliver your message, and nothing more. They could fail or deliver by slow 
turtle, and they still weren't responsible.
Keep that concept in mind. You want to write a simple contract, don't try to fill it with legalese that you barely 
understand, and don't PROMISE any results. As we all know, there really is no absolute protection from 0-Day exploits, 
other than the old "unplug and throw in the river" method that has certain practical problems. Let's not even go INTO 
the End Luser and all the problems that he/she can cause.
DON'T try to make it iron clad, because iron clad contracts can be a PITA. Trust me.
Just make a contract promising to TRY to keep his systems healthy and secure and in a GENERAL way how you intend to go 
about doing so. 
Do NOT promise that nothing can go wrong, because that's exactly what WILL happen if you have promised that it won't.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

