Re: Re: [Full-Disclosure] DCOM RPC exploit (dcom.c)

From: Jennifer Bradley (jenbradley_at_webmail.co.za)
Date: 07/27/03

  • Next message: Paul Schmehl: "RE: [Full-Disclosure] RE: DCOM RPC exploit"
    To: full-disclosure@lists.netsys.com
    Date: Sun, 27 Jul 2003 18:27:39 +0200
    
    

    Having vendors liable for software bugs is the worst thing in the
    world for software!

    I'm just a newbie to programming and security... but imagine all the
    small software shops/startups and open source projects that would be
    closed because people are too afraid of being sued!! Especially when
    you're a small shop trying to get up on their feet in the market, one
    angry large customer that sues you because your product went down will
    kill the entire company. I just don't think that's right! If
    individual programmers to open source projects become targets of
    lawsuits because they wrote a bug, imagine how many people will
    continue contributing to Linux, Apache, or any other project?

    I think that's just playing into the hands of the larger, more
    established companies like Microsoft, Oracle, etc. because they can
    afford to take hits or they have the lawyers to protect themselves.

    As well, this would probably wipe out software security firms as well,
    because they could be sued for releasing software or information that
    exploited vulnerabilities, if it leads to appreciable monetary losses
    due to the release of this information.

    As a rule of thumb, I think it's always better to keep the lawyers out
    of everything!! ;)

    jb

    On Sun, 27 Jul 2003 10:49:40 -0400 (Eastern Daylight Time) Chris Paget
    (chrisp@ngssoftware.com) wrote:

    >
    >On Sun, 27 Jul 2003, Georgi Guninski wrote:
    >
    >> IMHO releasing the exploit is ethical and legal.
    >> The root of the problem is m$, they should take responsibility for
    >> the worms.
    >
    >I agree completely that maybe the best way to stop all this is to make vendors
    >liable for flaws in their products. I heard rumours that this was being
    >considered in the US - anyone know what the score is?
    >
    >Considering that worms are now starting to have real-world consequences when
    >they DoS the net, it's a lot easier to start saying that a security flaw is
    >causing direct, tangible, monetary loss to people affected. Surely this should
    >make it easier for those who want to see vendors take responsibility for the
    >code they churn out?
    >
    >Chris
    >
    >_______________________________________________
    >Full-Disclosure - We believe in it.
    >Charter: http://lists.netsys.com/full-disclosure-charter.html
