HP is making the following points to all of us by threatening prosecution: (1) HP is not a responsible vendor - everybody has bugs, but the dividing line between a responsible vendor and an irresponsible one is the willingness to deal with the bugs as they are being announced; (2) HP's top priority is to avoid public embarassment, even at the expense of the welfare of its customers; (3) HP does not care about post-sales service, of which bug detection and fixes are clearly a part; (4) HP has no clue about how critical to its welfare as a company is maintaining and enhancing a good relationship with the security community.

In summary, I don't see any reason why I should bother to recommend HP workstations or minicomputers that run HP-UX to anyone: when I buy or recommend buying a product, I don't buy just the product but the company: so far as I am concerned, this company can go to hell. The only way HP can get back into my good graces as a security person is to make a public corporate apology and to put on a pike the head of the HP manager who sent that threatening letter to this gentleman and his employer.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/100/16110#16110