Full-Disclosure Wins Again
twistedmoney99 writes "The full-disclosure debate is a polarizing one. However, no one can argue that disclosing a vulnerability publicly often results in a patch — and InformIT just proved it again. In March, Seth Fogie found numerous bugs in EZPhotoSales and reported them to the vendor, but nothing was done. In August the problem was posted to Bugtraq, which pointed to a descriptive article outlining numerous bugs in the software — and guess what happens? Several days later a patch appears. Coincidence? Probably not, considering the vendor stated "...I'm not sure we could fix it all anyway without a rewrite." Looks like they could fix it, but just needed a little full-disclosure motivation."
It works in software, it works in government too. Only slimy bastards hide behind their veil of secrecy to their customers/public.
But the current administration has held all their policy meetings in secrecy and has failed to provide disclosure of details of its inner workings to Congress, even in numerous private sessions, due to "executive privilege". Are you calling our great leader a slimy bastard?
The entire industry has grown up and built its coding practices around knowing they can use a get-out-of-jail-free-card EULA, so fast and sloppy is the norm, the evil "buffer overflow" is an expected feature they don't care about too much, and using active scripting on websites is considered cool. You know what, a lot of consumers don't care, because they are the ones suffering while the multi-hundred-billion-a-year industry cashes the checks. Enough's enough, now it is time for them to grow up and enter the adult world where warranties for consumer products are normal. Don't you think half a century of helping get the industry off the ground is ENOUGH training-wheels time? How much of "you can get patents on your precious IP, making it a legal product" don't you understand? Either give up patents and high prices, or openly admit your stuff is experimental betaware that is much closer to artwork than engineered products and charge a pittance or nothing for it, one or the other, but charging big bucks for no warranties got old a long time ago for the 99.9999% of the public who AREN'T coders but have to toe the line when it comes to whatever they "produce".
Software is SO bad that people throw away perfectly functioning hardware, thinking their computer is "broken".
That's NUTZ! It's a blatant ripoff, too, something y'all chuckle about, I am sure.
Now, I run FOSS that is free for the taking, and I know full well it is always experimental beta, even if it is called "full stable release". BUT, if I was running some expensive proprietary "solution" that some billion-buck, obscene-profits software company "licensed" to me so they could "leverage" more quarterly profits, and it got hosed and cost me the big bucks, you'd bet the farm their ass would be in court and I'd be challenging that damn "no fault" EULA, and patents and business models would be a big part of the case, and I'd invite any and all interested parties to join in a class action, all the way to the Supreme Court if necessary.
And I bet it happens sometime. Eventually some rich PHB who ISN'T in the software industry but who has to adhere to consumer warranties with whatever he makes is just gonna be pissed off enough from hosed software and ridiculously stupid computers that are more trouble than they are worth, and he'll have access to on-staff lawyers and other lawyers who can get the ball rolling, and he'll have enough cash to push the issue, because it NEEDS to happen. As long as the industry calls it a product and treats it like a product, instead of "art", as in copyrights only like other typed-up stuff, then fuck 'em, they need a normal consumer warranty and it needs to be reasonably free from defects and damn suitable for purpose. Remember, all other industries went through this phase. A long time ago we had zero warranties on anything, the entire world of manufacturing fought having warranties, but you know what? They adapted. It's not perfect now, and yes, sometimes there are recalls big and small, just look at what Nokia is having to suck up now, but it still works, we still have manufacturing, profits are still being made, proving their cries of "end of civilization" if warranties were enforced were totally bogus alarmist lies. The only place snake-oil caveat emptor still exists is with software "products". So tough luck, either start doing the right thing voluntarily or wake up one day being FORCED to do it, because it IS going to happen. There's only so much of a free skate consumers and the voting public will allow before they get mightily annoyed.
And it will only take *one pissed off rich guy* to get this going, just *one*. Feeling lucky? You've pushed the envelope on expensive crapware for decades now, eventually you'll get called on it. Joe public is hard to get moving, but once moving, they are hard to stop, and things DO change then.