[brluglist] Fw: Steve Gibson's July/2001 News from GRC.COM ...
dpuryear at usa.net
Fri Jul 6 09:32:36 CDT 2001
Tim Fournet wrote:
> On 05 Jul 2001 08:37:55 -0500, Dustin Puryear wrote:
>>I disagree. A vendor is only liable if they ship an insecure product.
>>This makes all parties equally responsible.
> Under current EULA laws, the vendor isn't liable for anything. At least
> the smaller companies have growing reputations to maintain. Microsoft as
> a company can survive any amount of backlash to insecure products. MS
> has willingly sacrificed security for usability and market control in
> their products, and will continue to do so.

Well, we need to remember that the current freedom to provide "no
warranty" affects both closed and open source software. I have yet to
decide whether I believe that software developers should or should not
be liable for problems caused by their software.

On the one hand, it is true that making developers liable for issues
relating to their software will result in more stable systems. However,
let's not forget that open source developers will be just as liable. I
think this will inhibit the release of a lot of the free and fun, as
well as not so free and fun, software out there. The question is whether
the tradeoff between product robustness justifies the very possible
reduction in creativity and write-it-because-you-just-want-to mentality.

>>>>Does the number of boxes sold make you more
>>>>vendors who ship equally insecure systems but have
>>>Yep. When it's closed source vs open.
>>So as long as I ship an open source product I can make it as insecure as
>>I want? I have no liability, or at least not as much as a closed source
> You have a reputation. You have YOUR name and integrity on the code. You
> may not care, and ship trash anyway, but that will be noted and
> remembered in the community. Closed-source shops don't have that kind of
> mentality. Your name might get listed in an easter egg or something, but
> no one will know what you wrote. When a big closed-source shop writes
> bad code, there's nobody to blame it on. Heck, they blame it on poor
> integration between the programmers, or some other external factor.
> Nobody else can see it anyway, so what do they care?

I wish we lived in a complete meritocracy where those that produce the
best software always win the war, but that's not the case, even in open
source software. Far too often small, tightly focused, well written
programs often fall by the wayside to programs that offer more features,
even if most are unused, and are pretty.
My point is that the "community" doesn't always penalize bad software,
no matter where it comes from. So again, in some situations there is no
incentive for a developer to promote solid, secure design.
Dustin Puryear <dpuryear at usa.net>
In the beginning the Universe was created.
This has been widely regarded as a bad move. - Douglas Adams
BRLUG - The Baton Rouge Linux User Group
Visit http://www.brlug.net for more information.
Send email to majordomo at brlug.net to change
your subscription information.
This archive was generated by hypermail 2.1.2: Thu Sep 06 2001 - 11:10:54 CDT