[4768] in WWW Security List Archive
Re: Why do you think you can trust PC software? (was Re: Latest Java
daemon@ATHENA.MIT.EDU (David M. Chess)
Tue Mar 11 16:02:31 1997
Date: Tue, 11 Mar 97 13:15:04 EST
From: "David M. Chess" <CHESS@watson.ibm.com>
To: WWW-SECURITY@ns2.rutgers.edu
Errors-To: owner-www-security@ns2.rutgers.edu
> From: Jay Heiser <Jay@homecom.com>
> There isn't a software vendor in the US who provides a guarantee that
> doesn't specifically preclude liability. I'm not aware of anyone ever
> sucessfully suing a vendor of packaged software for damages caused by
> their product. The buyer assumes all the risk. Period.
Liability disclaimers don't work quite that way, or quite that
well. If a company were found to have *intentionally* sold a
program that erased all your files and printed "ha ha ha", it
would be in various kinds of Serious Trouble, regardless of what
the words in the License Agreement said. On the other hand, if
a private individual were to put up a Web page that did that,
he'd be much harder to trace, and probably harder to sue (that
there was no exchange of money has some bearing on the sort of
liability, although not being legally-trained I couldn't say
just what).
Software that you buy from a store shelf represents quite a
number of hoops that its providers have jumped through to get
it to you, and QUITE a lot of money that they've laid out.
Software that you get by clicking on a link, on the other
hand, doesn't necessarily represent more than ten minutes of
work with a BASIC compiler and a copy of AOL! *8) So I
think it's still rational to want to have more control over
net-acquired software than over store-bought software, although
I also strongly agree that it'd be nice to have controls that
could be use to restrain both...
- -- -
David M. Chess "Hello!"
High Integrity Computing Lab -- A. Einstein
IBM Watson Research
