"Jason Coombs" writes: > > Had the distribution binaries been modified, ISS may well > > have been bankrupted by customer lawsuits for negligence. > > Perhaps you could cite a legal case somewhere in the world that backs up this > assertion. To my knowledge nobody has ever lost a penny in court due to this > type of infosec penetration.
I don't think we've ever *had* this type of infosec penetration.

If my box gets hacked because I missed a patch, and you download compromised code, I can say "oops, I screwed up, but look at my disclaimer". Many software companies write things that say something to the effect of "if you suffer any damage because of your use of my code, you can't hold me responsible". However, it could conceivably be argued that because the *intentional insecurity* of the author's site was to blame, that the limitation of accidental or end-user damage is moot.

I don't really specialize in legal, just a thought though. Perhaps I just *wanted* to see ISS put out of business. <g>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
