[133399] in North American Network Operators' Group


Re: Over a decade of DDOS--any progress yet?

daemon@ATHENA.MIT.EDU (JC Dill)
Wed Dec 8 23:02:28 2010

Date: Wed, 08 Dec 2010 20:02:21 -0800
From: JC Dill <jcdill.lists@gmail.com>
To: NANOG list <nanog@nanog.org>
In-Reply-To: <28793.1291844294@localhost>
Reply-To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 08/12/10 1:38 PM, Valdis.Kletnieks@vt.edu wrote:
>
> The second issue is that if you *do* establish a legal precedent that
> software vendors are liable for faults no matter what the contract/EULA
> says,

It doesn't matter what contract an auto maker makes with someone who 
purchases the car, if the brakes fail and the car hits ME, I can sue the 
auto maker due to the defective brakes.  If they design the car in a way 
that a 3rd party can easily tamper with the brakes, and then the car 
hits me, I can also sue the auto maker.  They are legally required to 
take due care in how they design the car to ensure that innocent 
bystanders aren't injured or killed by a design defect.  IMHO, there's 
no difference in the core responsibility that software makers should be 
held to, to ensure that their software isn't easily compromised and used 
to attack and injure 3rd parties.  The EULA is a red herring, as it only 
applies to the purchaser (who agrees to the EULA when they purchase the 
computer or software), not to 3rd parties who are injured.

If the software doesn't work as designed and the purchaser is unhappy, 
that's between them and the company they bought the software from.  But 
when it injures a 3rd party, that's a whole different ball game.  I 
truly don't understand why ISPs (who bear the brunt of the burden of 
the fall-out from the compromised software, as they fight spam and have 
to provide customer support to users who complain that the "internet is 
slow" etc.) haven't said ENOUGH.

jc


