product liability (was 'we should all be uncomfortable with the extent to which luck..')

Wed Jul 25 13:17:26 UTC 2001

Your analogy is flawed.

The question is, should Firestone be responsible for someone going around
slashing the tires?  No they shouldn't.

Then why should Microsoft or any other software manufacturer be responsible
for the damage done by third parties?

You could make the argument that Microsoft should have designed more
security into their products to prevent security breaches of this nature,
but you could also argue that Firestone should make their tires out of
kevlar to prevent people from slashing them.

We shouldn't hold the software manufacturers responsible, unless they
willingly and knowingly left the security flaw in place.  We should hold
the programmers that release malicious code responsible.

                    William Allen                                                                                                                
                    Simpson                 To:     nanog at nanog.org                                                                              
                    <wsimpson at greend        cc:     caida at caida.org                                                                              
                    ragon.com>              Subject:     product liability (was 'we should all be uncomfortable with the extent  to which        
                    Sent by:                luck..')                                                                                             
                    owner-nanog at meri                                                                                                             
                    t.edu                                                                                                                        

                    07/25/01 02:42                                                                                                               
                    AM                                                                                                                           

Perhaps a different approach is in order -- product liability.

When Firestone made a large number of bad tires, they compensated the
purchasers by PAYING for replacement, including those that had not yet
been injured.  That included the upgrade, and the installation cost.

Network operators have been injured by the distribution of buggy software
from M$.  We need to be compensated for our time and expenses.

End users need to be compensated for their costs to upgrade.

A check in the mail would be a better incentive to administrators than
"automatic" updates.

"Wayne E. Bouchard" wrote:
>
> On Tue, Jul 24, 2001 at 10:35:37PM -0700, k claffy wrote:
> >      ==>  5.4 billion people haven't selected an OS yet
> >
> >
> > [k: maybe we can get them on OS-antioxidants
> > before it's too late]
>
>...
> Doing this, right now, can be difficult for many users to grasp (lets
> face it, some software doesn't update well, if at all) and may require
> more effort than even reputable administrators are willing to extend.
>
> How to go about making the public more secure, of course, is an
> on-going debate and perhaps even a losing battle but still worth the
> effort.
>
--
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32