ISP Responsibilities [WAS: Re: Nato warns of strike against cyber attackers]

Jorge Amodio jmamodio at
Wed Jun 9 17:40:57 UTC 2010

> You buy a car and as you're driving along a message comes into the
> dashboard: "Car Update needed, to fix A/C" you ignore it. Don't update
> it who cares, you're driving smoothly. Another alert comes into the car
> dashboard: "Critical alert, your breaks need this patch"... You ignore
> it and drive along. 5-10 years later the car manufacturer EOL's the car
> and support for it. You crash... Who is to blame, the car manufacturer
> or you for not applying the updates. Granted the manufacturer could have
> given you a better product, the fact remains, it is what it is.

Unfortunately in the software industry you get (when you do, not
always) the alert and the patch after the fact, ie the exploit has
been already out there and your machine may probably have been already

I never seen any operating system coming with a sign saying "Use at
your own risk", why when I buy a piece of software I have to assume it
to be insecure, and why I have to spend extra money on a recurring
basis to make it less insecure, when there is no guarantee whatsoever
that after maintenance, upgrades, patches and extra money my system
will not get compromised because a moron forgot to include a term
inside an if before compiling.

Insecurity and exploitable software is a huge business. I don't expect
software to be 100% safe or correct, but some of the holes and issues
are derived form bad quality stuff and as car manufacturers the
software producers should have a recall/replacement program at their
own cost.

My .02

More information about the NANOG mailing list