Full Disclosure mailing list archives
Re: Re: DCOM RPC exploit (dcom.c)
From: "Jennifer Bradley" <jenbradley () webmail co za>
Date: Sun, 27 Jul 2003 18:27:39 +0200
Having vendors liable for software bugs is the worst thing in the world for software! I'm just a newbie to programming and security... but imagine all the small software shops/startups and open source projects that would be closed because people are too afraid of being sued!! Especially when you're a small shop trying to get up on their feet in the market, one angry large customer that sues you because your product went down will kill the entire company. I just don't think that's right! If individual programmers to open source projects become targets of lawsuits because they wrote a bug, imagine how many people will continue contributing to Linux, Apache, or any other project? I think that's just playing into the hands of the larger, more established companies like Microsoft, Oracle, etc. because they can afford to take hits or they have the lawyers to protect themselves. As well, this would probably wipe out software security firms as well, because they could be sued for releasing software or information that exploited vulnerabilities, it it leads to appreciable monetary losses due to the release of this information. As a rule of thumb, I think it's always better to keep the lawyers out of everything!! ;) jb On Sun, 27 Jul 2003 10:49:40 -0400 (Eastern Daylight Time) Chris Paget (chrisp () ngssoftware com) wrote:
On Sun, 27 Jul 2003, Georgi Guninski wrote:IMHO releasing the exploit is ethical and legal. The root of the problem is m$, they should take responsibility for
the worms.
I agree completely that maybe the best way to stop all this is to
make vendors
liable for flaws in their products. I heard rumours that this was
being
considered in the US - anyone know what the score is? Considering that worms are now starting to have real-world
consequences when
they DoS the net, it's a lot easier to start saying that a security
flaw is
causing direct, tangible, monetary loss to people affected. Surely
this should
make it easier for those who want to see vendors take responsibility
for the
code they churn out? Chris _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________________________________ LOOK GOOD, FEEL GOOD - WWW.HEALTHIEST.CO.ZA Cool Connection, Cool Price, Internet Access for R59 monthly @ WebMail http://www.webmail.co.za/dialup/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: DCOM RPC exploit (dcom.c), (continued)
- Re: DCOM RPC exploit (dcom.c) w g (Jul 27)
- Re: DCOM RPC exploit (dcom.c) dhtml (Jul 26)
- Re: DCOM RPC exploit w g (Jul 26)
- Re: DCOM RPC exploit (dcom.c) Neeko Oni (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Neeko Oni (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Valdis . Kletnieks (Jul 27)
- Re: DCOM RPC exploit (dcom.c) CHeeKY (Jul 27)
- Re: DCOM RPC exploit (dcom.c) tcpdumb (Jul 27)
- Re: DCOM RPC exploit (dcom.c) El Guille (Jul 27)
- Re: DCOM RPC exploit (dcom.c) tcpdumb (Jul 27)
- Re: Re: DCOM RPC exploit (dcom.c) Jennifer Bradley (Jul 27)
- Re: Re: DCOM RPC exploit (dcom.c) Jennifer Bradley (Jul 27)
- Re: Re: DCOM RPC exploit (dcom.c) David R. Piegdon (Jul 27)
- Re: Re: DCOM RPC exploit (dcom.c) CHeeKY (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Justin Shin (Jul 27)
- Re: DCOM RPC exploit (dcom.c) tcpdumb (Jul 27)
- Re: DCOM RPC exploit (dcom.c) Nick FitzGerald (Jul 27)
- Re: Re: DCOM RPC exploit (dcom.c) David R. Piegdon (Jul 27)
- Re: Re: DCOM RPC exploit (dcom.c) Dan Stromberg (Jul 28)
- Re: DCOM RPC exploit (dcom.c) Curt Purdy (Jul 31)