Saturday, January 25, 2003
What are the responsibilities of software vendors when a vulnerability in their products enables a major disruption of our network infrastructure? In the evening TV news, a Symantec spokesman blamed the owners of the vulnerable servers for not having applied the appropriate patches. But keeping servers completely up to date is very expensive in staff and downtime. Many servers on the Internet are owned by small organizations who got them as a package of hardware and software, and who do not have the knowledge or the resources to perform upgrades and repairs. All software has bugs (although buffer overflow vulnerabilities may be stronger evidence of a reactionary profession than of the inherent difficulty of writing correct programs). But I can't think of an argument that would excuse software vendors from at least the same level of diligence as car makers when a dangerous manufacturing defect is found in a car. Owners are individually contacted, and they are asked to visit local dealers for repair. The car maker pays not only for the replacement parts but also for repair labor.

9:05:47 PM