nanog mailing list archives

Re: product liability (was 'we should all be uncomfortable with the extent to which luck..')


From: LBolton () geiger com
Date: Wed, 25 Jul 2001 09:17:26 -0400



Your analogy is flawed.

The question is, should Firestone be responsible for someone going around
slashing the tires?  No they shouldn't.

Then why should Microsoft or any other software manufacturer be responsible
for the damage done by third parties?

You could make the argument that Microsoft should have designed more
security into their products to prevent security breaches of this nature,
but you could also argue that Firestone should make their tires out of
kevlar to prevent people from slashing them.

We shouldn't hold the software manufacturers responsible, unless they
willingly and knowingly left the security flaw in place.  We should hold
the programmers that release malicious code responsible.




                                                                                                                        
                         
                    William Allen                                                                                       
                         
                    Simpson                 To:     nanog () nanog org                                                  
                            
                    <wsimpson@greend        cc:     caida () caida org                                                  
                            
                    ragon.com>              Subject:     product liability (was 'we should all be uncomfortable with 
the extent  to which        
                    Sent by:                luck..')                                                                    
                         
                    owner-nanog@meri                                                                                    
                         
                    t.edu                                                                                               
                         
                                                                                                                        
                         
                                                                                                                        
                         
                    07/25/01 02:42                                                                                      
                         
                    AM                                                                                                  
                         
                                                                                                                        
                         
                                                                                                                        
                         




Perhaps a different approach is in order -- product liability.

When Firestone made a large number of bad tires, they compensated the
purchasers by PAYING for replacement, including those that had not yet
been injured.  That included the upgrade, and the installation cost.

Network operators have been injured by the distribution of buggy software
from M$.  We need to be compensated for our time and expenses.

End users need to be compensated for their costs to upgrade.

A check in the mail would be a better incentive to administrators than
"automatic" updates.


"Wayne E. Bouchard" wrote:

On Tue, Jul 24, 2001 at 10:35:37PM -0700, k claffy wrote:
     ==>  5.4 billion people haven't selected an OS yet


[k: maybe we can get them on OS-antioxidants
before it's too late]

...
Doing this, right now, can be difficult for many users to grasp (lets
face it, some software doesn't update well, if at all) and may require
more effort than even reputable administrators are willing to extend.

How to go about making the public more secure, of course, is an
on-going debate and perhaps even a losing battle but still worth the
effort.

--
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32





Current thread: