Re: Support the Sasser-author fund started

[Cedric Blancher <blancher () cartel-securite fr>]

Le jeu 13/05/2004 à 18:17, Aaron Gee-Clough a écrit :
> Duquette, John wrote:
> > Why not punish all the admins/users who failed to patch their systems in
> > time as well.  
> Because they didn't break the law.  It's really that simple. 

In France, there's a law that says you have to furnish available means
to appropriatly protect systems that personnal datas (names, addresses,
telephone numbers, CC numbers, etc.). However, it is not strict, so you
can justify a patch delay for validation means or anything else that
obviously prevent you to patch, in particular if you can produce a
workaround.

But doing nothing at all (no patch, no workaround) simply break the law.


-- 
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
> > Hi! I'm your friendly neighbourhood signature virus.
> > Copy me to your signature file and help me spread!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html