Tim Fournet wrote:<br>
<em>> On 05 Jul 2001 08:37:55 -0500, Dustin Puryear wrote:</em><br>
<em>>>I disagree. A vendor is only liable if they ship an insecure product.</em><br>
<em>>>This makes all parties equally responsible.</em><br>
<em>></em><br>
<em>> Under current EULA laws, the vendor isn't liable for anything. At least</em><br>
<em>> the smaller companies have growing reputations to maintain. Microsoft as</em><br>
<em>> a company can survive any amount of backlash to insecure products. MS</em><br>
<em>> has willingly sacrificed security for usability and market control in</em><br>
<em>> their products, and will continue to do so.</em><br>
<p>Well, we need to remember that the current freedom to provide "no warranty" affects both closed and open source software. I have yet to decide whether I believe that software developers should or should not be liable for problems caused by their software. On the one hand, it is true that making developers liable for issues relating to their software will result in more stable systems. However, let's not forget that open source developers will be just as liable. I think this will inhibit the release of a lot of the free and fun, as well as not so free and fun, software out there. The question is whether the tradeoff between product robustness justifies the very possible reduction in creativity and write-it-because-you-just-want-to mentality.</p>
<em>>>>>>Does the number of boxes sold make you more</em><br>
<em>>>>>>responsible than</em><br>
<em>>>>>>vendors who ship equally insecure systems but have</em><br>
<em>>>>>>less sales?</em><br>
<em>>>>>></em><br>
<em>>>>>Yep. When it's closed source vs open.</em><br>
<em>>>>></em><br>
<em>>></em><br>
<em>>>So as long as I ship an open source product I can make it as insecure as</em><br>
<em>>>I want? I have no liability, or at least not as much as a closed source</em><br>
<em>>>shop?</em><br>
<em>>></em><br>
<em>></em><br>
<em>> You have a reputation. You have YOUR name and integrity on the code. You</em><br>
<em>> may not care, and ship trash anyway, but that will be noted and</em><br>
<em>> remembered in the community. Closed-source shops don't have that kind of</em><br>
<em>> mentality. Your name might get listed in an easter egg or something, but</em><br>
<em>> no one will know what you wrote. When a big closed-source shop writes</em><br>
<em>> bad code, there's nobody to blame it on. Heck, they blame it on poor</em><br>
<em>> integration between the programmers, or some other external factor.</em><br>
<em>> Nobody else can see it anyway, so what do they care?</em><br>
<p>I wish we lived in a complete meritocracy where those that produce the best software always win the war, but that's not the case, even in open source software. Far too often small, tightly focused, well written programs often fall by the wayside to programs that offer more features, even if most are unused, and are pretty. My point is that the "community" doesn't always penalize bad software, no matter where it comes from. So again, in some situations there is no incentive for a developer to promote solid, secure design.</p>
<p>Regards, Dustin</p>
-- <br>
Dustin Puryear <[EMAIL PROTECTED]><br>
http://members.telocity.com/~dpuryear<br>
In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams
<!-- body="end" --> <hr noshade> <ul> <li><strong>In reply to:</strong> Tim Fournet: "Re: [brluglist] Fw: Steve Gibson's July/2001 News from GRC.COM ..." </ul> <hr noshade> <small> <em> This archive was generated by hypermail 2.1.2 : <em>Thu Sep 06 2001 - 11:10:54 CDT</em> </em> </small> </body> </html>
