"A legally recognized privilege -- meaning that the information so created and so shared could not be used in any proceeding, civil, criminal, administrative or regulatory -- would encourage companies to take their best efforts to critically examine their information security practices and share the results with other companies that could benefit from the experience. " ROLF - like MS sharing THEIR flaws and secrets? I bet we see the second comming first!

The software companies already take NO responsibility for the lack of security/poor security of their work. I propose instead when a software company publishes buggy, non-secure code, we use all information gathered in any proceeding, civil, criminal, administrative or regulatory
to force the company to repair their work at NO ADDITIONAL CHARGE.

The users (us) paid to have functional software. Why should we continue to allow software companies to make money on selling us stuff that does not work? Why are the software manufactures exempt from false advertising?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/61/10578#10578