Agreed. The only thing the software vendor should be sued for is NOT making a patrch. MS policy of not supporting old software is BS IMO. No new features? Ok. But fix the problems it has. ____________________________________________________________________________ ______________ America stands for freedom - but if you think you're free - try walking into a deli - and urinating on the cheese. ----- Original Message ----- From: "Francois, Jean (J.L.)" To: Sent: Wednesday, February 12, 2003 9:52 AM Subject: RE: Finally, someone is holding vendors responsible for vulnerabilities IMHO the way to properly apply a lawsuit would be to sue those that are NEGLIGENT at patching and fixing 0wn3d systems. So, if you notice a server listed at Dshield or on your IDS that is actively performing portscans/attacks and report it to the owner and upstream it must be fixed within [INSERT TIME FRAME HERE]. If it doesn't get fixed, gather up the documentation needed and sue them for negligence and damages for not responding to and correcting the problem. My .02 -- Jean L. Francois - Linux Architect Ciber, Inc. FSIC - Ford Systems Integration Center Office - 313-317-4378 ( Temporary ) Home - 586-293-9081 ( Until April ) Cell - 602-770-5531 -----Original Message----- From: Dr. G [mailto:drghastly@cox.net] Sent: Wednesday, February 12, 2003 11:43 AM To: plug-discuss@lists.plug.phoenix.az.us Subject: Re: Finally, someone is holding vendors responsible for vulnerabilities There are many MANY vunerabilities in Linux. Numerous web sites list them. Can YOU code a program so that it has 100% security, no flaws, etc? If you can why don't you go work for these companies? Suing for flaws is not a good answer. Lawsuits arw RARELY a good answer. If the flaw was deliberate and can be proved so, then ok. Suing a software vendor over flaws is a very bad idea. Making them patch it is a good idea, imo. ____________________________________________________________________________ ______________ America stands for freedom - but if you think you're free - try walking into a deli - and urinating on the cheese. ----- Original Message ----- From: "George Toft" To: "PLUG Discuss" Sent: Wednesday, February 12, 2003 5:31 AM Subject: Finally, someone is holding vendors responsible for vulnerabilities -- Korean Group Mulls Class Action Suit Over Slammer (3/4 February 2003) The People's Solidarity for Participatory Democracy (PSPD), a Korean civic group, is weighing the possibility of filing a class action lawsuit against Microsoft Corp. for damages caused by the Slammer worm. A recently passed product liability law holds companies liable for damage caused by flaws in their products. http://times.hankooki.com/lpage/nation/200302/kt2003020318021611960.htm http://www.theregister.co.uk/content/56/29174.html George -- Discover . . . | Free Computer Security Information <···> Secure | http://www.georgetoft.com/security Networking | @http://georgetoft.com | Lock your box - keep your affairs private! --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss