[LINK] Gates Misses the Mark, and the Point, on Security
rick at praxis.com.au
Wed Mar 9 10:56:52 EST 2005
Carl Makin wrote:
> Howard Lowndes wrote:
>> ...and about what you can get away with. Until corps are forced, most
>> probably by draconian legislation, to accept their liability for
>> security, then not much will change.
> Two edged sword though. While nowhere near as bad there are still the
> odd security problem with open source and free OSs as well. Should the
> OS "vendor" bear the cost of a security problem?
> I would think that heavy legislation to assign liability would in fact
> be better for Microsoft as it would almost completely eliminate
The risk and liability model for software creators proposed by Schneier
in "Secrets and Lies" is sensible. Basically, he says, the software industry
should adapt to the liability model that is currently imposed on almost all
(1) liability for software faults is enforced by law
(2) such liabilities can be transferred
(3) risk reduction mechanisms are provided
Point (2) means that software companies can purchase insurance to
cover the liability, which effectively transfers the liability and
replaces a variable/unknown risk and cost with an easy to manage
Point (3) means that insurances companies and the market will reward
truly secure and reliable software and actually punish the crap we
see from companies like Microsoft. Metrics and evaluation techniques
for software reliability will be developed to administer and track
What remains to be discussed is the effect this has on FOSS. Would each
copyright holder have to take out liability insurance for their software?
This may not be that onerous if the insurance were not too costly. Given
that FOSS has been traditionally more "auditable" and "verifiable",
perhaps it would be more amenable to insurance auditing requirements.
I note that the GPL includes a clause highlighting that absolutely
no warranty is provided by this software. As well, Microsoft's EULA
clearly states several times that their max liability is $5.00 or the
cost of the software, whichever is less. If legislation were introduced
in this regard, such clauses would become meaningless and unenforceable
Rick Welykochy || Praxis Services
Blessed are the cracked for they let in the light.
-- Spike Milligan