WindowsITSecurity.com: Are Security Bugs an Unfair Liability?
Aug 11, 2000, 19:55
(Other stories by Mark Joseph Edwards)
[ Thanks to Robert Morrison for this link. ]
"Every time I hear about a new way to steal files from a system, I get suspicious about why such a security bug exists in the first place. As end users, we carry most of the liability for bug-ridden software. Most manufacturers disclaim that liability by having us accept some type of end-user license agreement. Such agreements prevent end users from seeking damages when a manufacturer's product proves to be faulty. So when someone uses a programming flaw (such as the nasty hole recently discovered in Netscape Communicator) to steal files from our systems, it's our fault because we used the software. I'll never understand how that makes sense...."
"Most hardware and software manufacturers get their products debugged for free by the world's countless independent hackers, and those hackers rarely get significant thanks from vendors in return for their hard work. Instead, corporate-sponsored lobbyists push for tough federal laws that strive to prohibit reverse engineering, which would make most forms of software hacking illegal. So in the future, it's possible that if a hacker finds a serious security problem in the code from some widely adopted OS, that hacker could go to prison simply by reporting the flaw to the manufacturer: The hacker would be indirectly admitting to reverse-engineering the product. But if we can't reverse engineer product code, we can't protect ourselves. We'll be forced to trust the manufacturer."