My god, is this fundamentally flawed idea or what?

"Company X: Hey, there is a security fix for that program you bought off us"
"Customer Y: Great, where is it"
"Company X: Oh, we can't GIVE it to you, pay up and bend over"

Now what customer in their right mind is going to pay for software where any possible critical flaws will only be resolved if they pay extra to the company. The first payment should entitle them to the garuantee that the software will work as well as it can until they stop using it. If a serious bug or worse a security flaw is discovered then it can be argued that the program is no longer a satisfactory piece of software.

Besides, implement this and you seriously compromise the element of trust "Are you SURE you didn't know about this before you released it and am now making me cough up extra for the patch?"

It is the responsibility of the programmer to maintain the software to acceptable levels for customers who have paid. Yeesh, Even discontinued open source projects usually include the caveat "development is halted, unless and seious bugs are found in which cse they will be fixed".




[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/200/23904#23904