Bad System Architecture, Accountability

Subject Author Date
Bad System Architecture, Accountability shrike 06-14-2005
Posted by on June 14, 2005, 8:14 am
Howdy,

If you can class action sue a tobacco company for the results of
smoking cigarettes, why has there been no class action suit against
software companies for all the heinous system architecture that has
gone into network applications?

I mean if identity theft is truly such a big deal, and so much of it is
going on because an out-of-the-box installed operating system runs a
dozen different network servers none of which were code-audited for
security, then it would seem reasonable that a lawyer might be inclined
to organize all this into a billion dollar lawsuit.

It seems to me that a certain software vendor is continuing to do
everything they can to blur client server architecture and thereby any
discernible boundary between -yours- and -mine-. I am guessing this is
to make infosec an OS feature and not the domain of network
traffic shaping or stateful inspection. Anybody else notice this
trend?

-Thanks
-Matt



Posted by Walter Roberson on June 14, 2005, 4:00 pm
:If you can class action sue a tobacco company for the results of
:smoking cigarettes, why has there been no class action suit against
:software companies for all the heinous system architecture that has
:gone into network applications?

That question has been asked a number of times by a number of
different people; there hasn't really been a definitive answer.

Another way of phrasing the matter is, "Why isn't software like
engineering, with manufacturers being held liable for faults?",
and "Why can't software be made as robust 'parts' that can be
selected from and put together, like the way machines are built?".

One of the several fora in which these discussions have taken
place is RISKS-DIGEST, which has the newsgroup instantiation
comp.risks. I suggest, for example, that you examine the
'Component Architecture' thread in Risks 23.73 and the followups
in Risks 23.74,

http://catless.ncl.ac.uk/Risks/23.73.html#subj5
http://catless.ncl.ac.uk/Risks/23.74.html#subj2

There were a number of very interesting replies. Amongst them,
a point made by Ray Blaak is the one that struck me as being
most realistic: that it would cost too much.
http://catless.ncl.ac.uk/Risks/23.74.html#subj2.6
--
Studies show that the average reader ignores 106% of all statistics
they see in .signatures.

