it's not about freeloading. It's about defective products. If I purchased a product and it is broken or defective in some way, I have rights under the the law to get that product replaced or repaired at no charge.

The same should be true for software. If some distribution vendor puts together a package and one component of that package is defective, they should replace that component at no charge. I don't care if that package is commercial or open source. If it's defective it should be repaired or replaced for free.

if there was a great concern for security, vendors would run all code through code analyzers and run anti-stack smashing or buffer overflow wrappers on their code. These preventative measures would reduce the amount of security releases which would be much cheaper for everyone.

---eric



[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/200/23973#23973