nanog mailing list archives

Re: Are ISP's responsible for worms and viruses


From: Owen DeLong <owen () delong com>
Date: Thu, 20 Oct 2005 23:16:08 -0700



--On October 20, 2005 9:32:44 PM +0100 Freminlins <freminlins () gmail com> wrote:


> Owen DeLong wrote:
>
>> If companies that made
>> vulnerable OSs were held liable for the damage caused
>> by those vulnerabilities, you would rapidly see $$
>> make a BIG difference in the security quality of
>> OS Software.
>
> How would that work for free/open source OSs/software? Who exactly would
> be held liable? The contributors? Free OSs are just as capable of sending
> out malware/virus infected emails, etc. as commercial systems.

That depends:

Free closed source:  I would presume the closed source provider or no one.
        Hard to assign liability when money did not change hands.
        No money, no duty to care in most cases.  Product liability
        is pretty much limited to products that are sold.

Open Source: I would expect no liability exists because...
        1.      No money changes hands, no duty to care.
        2.      End user has full access to source, so, has at least
                shared responsibility for fitness for purpose.
        3.      Full access to source means end user cannot claim
                that vulnerability was hidden from end user.
        4.      Full access to source means end user has ability
                to correct vulnerability as soon as identified.

Finally, while your statement is theoretically true, in practice,
resolutions to vulnerabilities in open source software tend to be
delivered much faster than in closed source software.  Even allowing
for the difference in market share, the percentage of open source
based systems which are owned and acting as spambots is much lower
than the percentage of closed-source systems which are doing so.
(note:  in this, although it is hybrid closed/open, I'll even count
MacOS X in the open source for this purpose).

Owen


