Finally, someone is holding vendors responsible for vulnerabilities

Dr. G plug-discuss@lists.plug.phoenix.az.us
Wed, 12 Feb 2003 09:57:43 -0700 

Agreed. The only thing the software vendor should be sued for is NOT making
a patrch. MS policy of not supporting old software is BS IMO. No new
features? Ok. But fix the problems it has.


____________________________________________________________________________
______________
America stands for freedom - but if you think you're free - try walking into
a deli - and urinating on the cheese.
----- Original Message -----
From: "Francois, Jean (J.L.)" <jfranc46@ford.com>
To: <plug-discuss@lists.plug.phoenix.az.us>
Sent: Wednesday, February 12, 2003 9:52 AM
Subject: RE: Finally, someone is holding vendors responsible for
vulnerabilities



IMHO the way to properly apply a lawsuit would be to sue those
that are NEGLIGENT at patching and fixing 0wn3d systems.

So, if you notice a server listed at Dshield or on
your IDS that is actively performing portscans/attacks
and report it to the owner and upstream it must be fixed
within [INSERT TIME FRAME HERE].

If it doesn't get fixed, gather up the documentation needed
and sue them for negligence and damages for not responding
to and correcting the problem.


My .02

--
Jean L. Francois - Linux Architect
Ciber, Inc.
FSIC - Ford Systems Integration Center
Office - 313-317-4378 ( Temporary )
Home   - 586-293-9081 ( Until April )
Cell   - 602-770-5531


-----Original Message-----
From: Dr. G [mailto:drghastly@cox.net]
Sent: Wednesday, February 12, 2003 11:43 AM
To: plug-discuss@lists.plug.phoenix.az.us
Subject: Re: Finally, someone is holding vendors responsible for
vulnerabilities


There are many MANY vunerabilities in Linux. Numerous web sites list them.

Can YOU code a program so that it has 100% security, no flaws, etc? If you
can why don't you go work for these companies?

Suing for flaws is not a good answer. Lawsuits arw RARELY a good answer. If
the flaw was deliberate and can be proved so, then ok.

Suing a software vendor over flaws is a very bad idea. Making them patch it
is a good idea, imo.

____________________________________________________________________________
______________
America stands for freedom - but if you think you're free - try walking into
a deli - and urinating on the cheese.

----- Original Message -----
From: "George Toft" <george@georgetoft.com>
To: "PLUG Discuss" <plug-discuss@lists.PLUG.phoenix.az.us>
Sent: Wednesday, February 12, 2003 5:31 AM
Subject: Finally, someone is holding vendors responsible for vulnerabilities


--  Korean Group Mulls Class Action Suit Over Slammer
(3/4 February 2003)
The People's Solidarity for Participatory Democracy (PSPD), a Korean
civic group, is weighing the possibility of filing a class action
lawsuit against Microsoft Corp. for damages caused by the Slammer worm.
A recently passed product liability law holds companies liable for
damage caused by flaws in their products.
http://times.hankooki.com/lpage/nation/200302/kt2003020318021611960.htm
http://www.theregister.co.uk/content/56/29174.html

George
--
Discover . . .         | Free Computer Security Information
        <···> Secure   | http://www.georgetoft.com/security
         Networking    |
@http://georgetoft.com | Lock your box - keep your affairs private!
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss