Slashdot Mirror


Cure For Bad Software? Legal Liability

satch89450 writes: "SecurityFocus had a column that I missed when it was first published a few days ago, titled 'Responsible Disclosure' Draft Could Have Legal Muscle, but I discovered it when researching an answer to a comment on the CYBERIA mailing list. In this article, Mark Rasch discusses how the Draft would set the rules for reporting security vulnerabilities, and in particular define the boundaries of liability assumed by bug-disclosers. By adopting a "Best Practices" RFC, the IETF could help the reporters of security-related bugs do their job, and put the onus of fixing the bugs on the vendors who make the mistakes, where it belongs. (The RFC draft described in the article, 'Responsible Vulnerability Disclosure Process,' is here at the ISI repository.) This is, of course, in direct opposition to the process that Microsoft's Scott Culp, Manager of the Microsoft Security Response Center, would like to see. As Microsoft is more part of the problem than part of the solution, I believe that the path to a formal process would better serve the entire community - and that community includes Microsoft's customers. I'm taking this seriously because the mainstream press is talking about the issue, and what it's going to take to fix it. Here is an example from BusinessWeek that scares me silly. I'm glad I'm looking to change careers from software development to something safe, like law."

4 of 367 comments

  1. baha by Anonymous Coward · · Score: -1, Offtopic

    baha

  2. Re:Open Source Software As Well by Anonymous Coward · · Score: -1, Offtopic

    What are you talking about? There hasn't been any page widening for weeks, and I know this because I browse every story at -1. I think your browser must be broken.

  3. Re:Open Source Software As Well by Anonymous Coward · · Score: -1, Offtopic

    Can you point me to the Web Standard that decrees why there is no page-widening problem on some browsers but there is on others? A specific citation would be helpful.

    Otherwise, you're talking about 'proprietary extensions', and we all know how bad THOSE are viewed here at Slashdot.

  4. (OT) current PLPs exploit an IE bug by Anonymous Coward · · Score: -1, Offtopic

    . If you are using Microsoft Internet Explorer . then pages written like this . with no links . and words separated only by nonbreaking spaces . and space dots . will be rendered completely on one line . as you see here . Thus PAGE WIDENING IS BACK . and there is little a user can do . except move to a different web site . Of course real web browsers have fixed these bugs . a long time ago . So use the recent .9.9 release of Mozilla