Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: HP Full Disclosure Story

From: full-disclosure () lists netsys com (hellNbak)
Date: Sat, 24 Aug 2002 17:16:05 -0400 (EDT)
On Sat, 24 Aug 2002, Georgi Guninski wrote:


Just take a look at real world.
When you buy a beer or a car and then find a bug in it, you may disclose
the bug as you wish. (As bonus, both beer and cars come with warranties,
unlike warez).

So what makes beer and cars so different than warez?


If I purchase a car and find that it has multiple problems, I am by law
allowed to turn it back into the dealer and get either my money back or a
new car.  If the dealer refuses, I call my lawyer and sue them.

SO WHY CAN'T WE SUE SOFTWARE VENDORS?!?!?!?

But, lets say I buy a car and it only has one problem, lets say that the
problem is major enough that it is going to take 10 days to be fixed, do I
call my lawyer and sue?  Or course not, I leave my car with the dealer and
patiently wait for him to fix it.

What I am trying to get at here is while I think we should be able to sue
software vendors we also hold the responsibility to inform the vendor of a
problem and see to it that the problem gets fixed.  If the vendor says
they need 10 days -- give them 10 days.  If after 10 days they haven't
done anything -- disclose (call the lawyers..).  To me its real simple.

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak () nmrc org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Previous By Date Next
Previous By Thread Next

Current thread: