Re: Security and EOL issues (was RE: WMF Exploit Patch released)
- From: "Jeffrey F. Bloss" <jbloss@xxxxxxxxxxxxxxx>
- Date: Thu, 12 Jan 2006 20:16:31 -0500
On Tuesday 10 January 2006 02:41 pm, Steveb@xxxxxxxxxx wrote:
> Hi all,
>
> I must weigh in on this with an analogy. Asking software companies to
> offer free patches to software whose core technologies are considered
> out of date by the mainstream industry is like asking Ford Motor company
> to offer free airbag installations in all 1920 vintage automobiles.

Not really, for a couple of reasons.

If a flaw exists in a piece of software, a "core" technology must exist too.
1920 era vehicles lack the modern electrical systems and physical features
that allow air bag installation without extensive modification to the
automobile itself. A software patch or bug fix, by definition, is something
that only modifies an existing "part". Your analogy would be more like
expecting Microsoft to upgrade Notepad so that it was identical to Word.

Installing air bags requires that the automobile manufacturer design, test,
and produce the upgrade. As does a software patch. But in the automobile
scenario no typical end user is going to be able to order the parts and
perform the work themselves. Unlike software patches. There's an entire
"implementation" phase of fixing automobiles that simply does not exist in
the world of software. In fact, as we just saw first hand, the fix can be
manufactured, packaged, and implemented at little or no cost at all. Even
by third parties. ;)

> The rest of the capitalist world protects themselves from such
> expectations in the form of limited time warranties. Why should the
> software world be any different?

This too is a flawed analogy. We're not talking about adding features or
functionality, or fixing something that wears out through normal use. We're
talking about fixing flaws and errors. The capitalist world most definitely
does find itself liable for problems in products that are no longer supported.
A glaring example would be asbestos.

If a significant number of people still drove 1920's era vehicles, and a major
design miscalculation like wheels falling off due to the usage of superballs
instead of ball bearings were discovered, it's a pretty safe bet Ford would be
"patching" a significant number of their 1920's era automobiles.

Yes, it's a silly example, but the point is that product vendors are
accountable for their mistakes long after their advertised warranties expire.
If a flaw that impacts the end user's "safety" is discovered, a manufacturer
is almost always held accountable and required to make things right.

Why should the software world be any different? :)

--
Hand crafted on January 12, 2006 at 19:35:31 -0500
Outside of a dog, a book is a man's best friend.
Inside of a dog, it's too dark to read.
-Groucho Marx