On Wed, Aug 01, 2001 at 12:42:40AM +0200, Auer, Karl James wrote:
> Grant Bayley wrote:
>
> > http://www.wired.com/news/politics/0,1283,45692,00.html
> > Federal rules that will make it obligatory for
> > specific sectors to download virus patches are already here
> > [...]
> > "It means financial institutions will have a legal obligation to take
> > steps to preserve the security of their organization,"
>
> I'd have thought making software companies legally liable for defects
> leading to losses due to security failures would get a whole lot more
> done a whole lot faster.
yes, that would be good.
however, that shouldn't eliminate the liability of those who, through
negligence or deliberate inaction, run insecure systems or networks
which are hijacked to harm a third party.
systems and network administrators have a professional responsibility
to keep up to date with security announcements and ensure that their
networks and systems are secure.
if you fail to properly secure or train your dog and it bites someone,
you're liable - why shouldn't you be liable for damage caused as a
direct result of you failing to properly secure your network?
> On the flip side, there is also no excuse for users to expect to be able
> to use powerful and possibly dangerous tools with no effort and no
> learning curve.
yep.
craig
-- craig sanders <cas@taz.net.au>Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch
This archive was generated by hypermail 2.1.1 : Fri Aug 31 2001 - 03:10:02 EST