nanog mailing list archives
Re: Compromised machines liable for damage?
From: Owen DeLong <owen () delong com>
Date: Thu, 29 Dec 2005 05:20:41 -0800
--On December 29, 2005 5:51:04 AM -0500 Valdis.Kletnieks () vt edu wrote:
On Wed, 28 Dec 2005 13:20:51 PST, Owen DeLong said:Denying patches doesn't tend to injure the trespassing user so much as it injures the others that get attacked by his compromised machine. I think that is why many manufacturers release security patches to anyone openly, while restricting other upgrades to registered users.Color me cynical, but I thought the manufacturers did that because a security issue has the ability to convince non-customers that your product sucks, while other bugs and upgrades only convince the sheep that already bought the product that the product is getting Even Better!(tm).....
That could be a factor, but, I know first hand from the legal departments of at least two software "manufacturers" that it was at least a factor in the decision, and, they do have concerns about being liable for damages caused by security flaws in their software. Owen -- If it wasn't crypto-signed, it probably didn't come from me.
Attachment:
_bin
Description:
Current thread:
- Re: Compromised machines liable for damage?, (continued)
- Re: Compromised machines liable for damage? Barry Shein (Dec 28)
- Re: Compromised machines liable for damage? Richard A Steenbergen (Dec 28)
- Re: Compromised machines liable for damage? Owen DeLong (Dec 27)
- Re: Compromised machines liable for damage? Jason Frisvold (Dec 28)
- Re: Compromised machines liable for damage? Joseph S D Yao (Dec 28)
- Re: Compromised machines liable for damage? Owen DeLong (Dec 28)
- Re: Compromised machines liable for damage? Owen DeLong (Dec 28)
- Re: Compromised machines liable for damage? Douglas Otis (Dec 28)
- Re: Compromised machines liable for damage? Owen DeLong (Dec 28)
- Re: Compromised machines liable for damage? Valdis . Kletnieks (Dec 29)
- Re: Compromised machines liable for damage? Owen DeLong (Dec 29)
- RE: Compromised machines liable for damage? David Schwartz (Dec 28)
- RE: Compromised machines liable for damage? Owen DeLong (Dec 26)