nanog mailing list archives

Re: Compromised machines liable for damage?


From: Owen DeLong <owen () delong com>
Date: Thu, 29 Dec 2005 05:20:41 -0800



--On December 29, 2005 5:51:04 AM -0500 Valdis.Kletnieks () vt edu wrote:

On Wed, 28 Dec 2005 13:20:51 PST, Owen DeLong said:

Denying patches doesn't tend to injure the trespassing user so much as
it injures the others that get attacked by his compromised machine.
I think that is why many manufacturers release security patches to
anyone openly, while restricting other upgrades to registered users.

Color me cynical, but I thought the manufacturers did that because a
security issue has the ability to convince non-customers that your
product sucks, while other bugs and upgrades only convince the sheep that
already bought the product that the product is getting Even
Better!(tm).....

That could be a factor, but, I know first hand from the legal departments
of at least two software "manufacturers" that it was at least a factor
in the decision, and, they do have concerns about being liable for
damages caused by security flaws in their software.

Owen


-- 
If it wasn't crypto-signed, it probably didn't come from me.
