Firewall Wizards mailing list archives

Re: Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe)


From: "Jody C. Patilla" <jcp01 () attglobal net>
Date: Fri, 10 Aug 2001 20:33:08 -0400

At 11:40 PM 8/9/01 -0700, daN. wrote:
> How about making it a felony to sell or otherwise provide software for
> commercial use that contains buffer overflows?  Or make it something you
> cannot "disclaim" - it should be part of the exercising of due diligence
> every software company has to get them out of software before releasing it.

I'm all for raising the bar for better software, but sometimes sh*t
happens; most programmers are people and they invariably make mistakes... we
don't want to scare honest developers away from making software for fear of
being sued.

What I would really like to see is a "cost of ownership" number from the
software equivalent of Consumers Union or UL that would take into account
how often in a set period of time software had to be patched, balanced
against the cost incurred by not patching the software. You'd also have to
figure in the cost of the skilled personnel required to maintain it, and
other factors. But, you could really do risk management and liability
abatement if you could compare the true annual cost of running Apache
versus IIS, for example.

Of course, when businesses fully comprehend the cost of using certain
pieces of software, class action lawsuits might quickly result...

- jcp


_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards