Re: Over a decade of DDOS--any progress yet?

[JC Dill <jcdill.lists () gmail com>]

 On 08/12/10 1:38 PM, Valdis.Kletnieks () vt edu wrote:
> The second issue is that if you *do* establish a legal precident that
> software vendors are liable for faults no matter what the contract/EULA
> says,

It doesn't matter what contract an auto maker makes with someone who 
purchases the car, if the brakes fail and the car hits ME, I can sue the 
auto maker due to the defective brakes.  If they design the car in a way 
that a 3rd party can easily tamper with the brakes, and then the car 
hits me, I can also sue the auto maker.  They are legally required to 
take due care in how they design the car to ensure that innocent 
bystanders aren't injured or killed by a design defect.  IMHO, there's 
no difference in the core responsibility that software makers should be 
held to, to ensure that their software isn't easily compromised and used 
to attack and injure 3rd parties.  The EULA is a red herring, as it only 
applies to the purchaser (who agrees to the EULA when they purchase the 
computer or software), not to 3rd parties who are injured.

If the software doesn't work as designed and the purchaser is unhappy, 
that's between them and the company they bought the software from.  But 
when it injures a 3rd party, that's a whole different ball game.  I 
truly don't understand why ISP's (who bear the brunt of the burden of 
the fall-out from the compromised software, as they fight spam and have 
to provide customer support to users who complain that the "internet is 
slow" etc.) haven't said ENOUGH.

jc