Mr. Banisar, I agree with you.

And I have to wonder if some of the other posts were made by pr reps for some large companies.

I've been shocked that software developers have not been held legally accountable for their products. Just because they have a "click-through" license doesn't mean it legally means anything.

A simple comparison is the "legal agreement" you receive when you park a car in a parking lot. It basically says the parking lot is not responsible for anything. I don't know of a single court in the US that has upheld one of those "agreements". Lesson: just because there is a legal-sounding license doesn't mean it holds any legal water.

Several months ago I discovered what may be a HUGE security problem with software that many people (maybe you, the reader) currently have installed. I spoke with one of the high-level executives of the company (a company with which EVERYONE reading this is familiar), and the exec told me they are aware of MANY security problems in their product, but choose not to fix them all. The exec went on to tell me that they fix the primary, easy to spot ones, and don't spend times fixing the tricky ones.

Just like the car companies, they know how much to fix to maximize profits - not safety or security. The only way to correct this is to impose a financial penalty - or the threat of one.

There is ABSOLUTELY no reason why a software manufacturer should not be accountable for their product - even if they claim it is has no warranties for any particular purpose. In no other industry can you sell a defective product - knowingly or not - and get away with it.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/47/9303#9303