On Thursday, 11 May 2017 at 09:39:57 UTC, Kagamin wrote:
> https://bugs.chromium.org/p/project-zero/issues/detail?id=1252&desc=5 - a vulnerability in an application that doesn't go on the internet.

This link got me thinking: When will we see the first class action lawsuit for criminal negligence for not catching a buffer overflow (or other commonly known bug) which causes identity theft or loss of data?
Putting aside the moral questions, the people suing would have a good case, given the wide knowledge of these bugs and the availability of tools to catch/fix them. I think they could prove negligence/incompetence and win given the right circumstances.
Would be an interesting question to pose to any managers who don't want to spend time on security.
