[87608] in North American Network Operators' Group
Re: Compromised machines liable for damage?
daemon@ATHENA.MIT.EDU (Owen DeLong)
Wed Dec 28 16:17:23 2005
Date: Wed, 28 Dec 2005 13:12:32 -0800
From: Owen DeLong <owen@delong.com>
To: Jason Frisvold <xenophage0@gmail.com>
Cc: Marshall Eubanks <tme@multicasttech.com>,
"Steven M. Bellovin" <smb@cs.columbia.edu>,
"Hannigan, Martin" <hannigan@verisign.com>,
Joseph Jackson <jjackson@aninetworks.com>, NANOG <nanog@merit.edu>
In-Reply-To: <924f29280512280638h53e0bdf1pfeb6c34dba110927@mail.gmail.com>
Errors-To: owner-nanog@merit.edu
--==========C2ACACCA6CB01204E27F==========
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
--On December 28, 2005 9:38:11 AM -0500 Jason Frisvold
<xenophage0@gmail.com> wrote:
>
> On 12/27/05, Owen DeLong <owen@delong.com> wrote:
>> Look at it another way... If the software is open source, then, there
>> is no requirement for the author to maintain it as any end user has
>> all the tools necessary to develop and deploy a fix. In the case of
>> closed software, liability may be the only tool society has to
>> protect itself from the negligence of the author(s). What is the
>> liability situation for, say, a Model T car if it runs over someone?
>> Can Ford still be held liable if he accident turns out to be caused
>> by a known design flaw in the car? (I don't know the answer, but,
>> I suspect that it would be the same for "old" software).
>
> But can't something similar be said for closed source? You know
> there's a vulnerability, stop using it... (I'm aware that this is
> much harder in practice)
>
One other thing I forgot to say here... With closed software, you don't
have the option of fixing it yourself. With open source, that claim
cannot be made. As such, since there are some cases in which the
damage done by stopping use must be weighed against the damage
done by continued use, it's a harder question WRT closed software,
especially when it is an operating system.
Owen
--
If it wasn't crypto-signed, it probably didn't come from me.
--==========C2ACACCA6CB01204E27F==========
Content-Type: application/pgp-signature
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFDsv/Bn5zKWQ/iqj0RAmAuAJ49Fr3EQHp7/z1wD9e9rDAbtWEE1wCfTHGn
mbD3TrXk+IQHbMvxEuH0tvU=
=UW4T
-----END PGP SIGNATURE-----
--==========C2ACACCA6CB01204E27F==========--
