Alan Dayley wrote:
> 
> Better solution if you have access to a lawyer:
> 
> 1 - Discover and document security hole.
> 2 - Hire lawyer.
> 3 - Your lawyer contacts vendor threatening lawsuit because your personal
> information is at risk.  Also hold them liable for any spurious expenses
> that can be blamed on unauthorized use of your personal information.
> 4 - Collect settlement from vendor and let them fix their own problem.
> 
> Attack lawyers can work both ways!
> 
> Alan

That sounds good unless you read the shrinkwrap/clickwrap
licensing agreement that states: "This may or may not be
software, it may not work at all, we don't even suggest it's
fit for any purpose, we agree to be liable for the
replacement of defective media at our discretion (period)".

That's what makes it such a hoot when someone suggests
avoiding open source because "there's no one to collect
damages from if there's a software problem that costs you
millions"; "you need a Big Company standing behind you"
(just don't bend over in front of 'em).

-- 
Carpe cerevisiae