North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: Compromised machines liable for damage?
--On December 29, 2005 5:51:04 AM -0500 [email protected] wrote: > On Wed, 28 Dec 2005 13:20:51 PST, Owen DeLong said: > >> Denying patches doesn't tend to injure the trespassing user so much as >> it injures the others that get attacked by his compromised machine. >> I think that is why many manufacturers release security patches to >> anyone openly, while restricting other upgrades to registered users. > > Color me cynical, but I thought the manufacturers did that because a > security issue has the ability to convince non-customers that your > product sucks, while other bugs and upgrades only convince the sheep that > already bought the product that the product is getting Even > Better!(tm)..... That could be a factor, but, I know first hand from the legal departments of at least two software "manufacturers" that it was at least a factor in the decision, and, they do have concerns about being liable for damages caused by security flaws in their software. Owen -- If it wasn't crypto-signed, it probably didn't come from me. Attachment:
pgp00023.pgp
|