I haven't heard of a single case anywhere in this country within the last twenty years where an aggrieved customer successfully sued a software vendor. Therefore, the ability to sue software vendors is a really questionable standard of software selection, a red herring and a demonstration of bad faith because that argument is so dubious.

I trust Open Source. True, it would be beautiful if every piece of Open Source code was properly QA'ed but it is unfortunately not realistic. Just because every Open Source software is available to me does not mean that I use everything. I try to stick to the tried and true, and I heavily favor software such as Apache which I know is properly supported. It would be kind of nice if our tax-supported NSA could stoop to QA'ing some of the key Open Source software and suggest ways to improve its security directly to the authors, instead of downloading the Open Source software for free and then keeping the security modifications for itself.
There is a large conceptual difference between Microsoft patches and Linux patches: no one has yet reported instances where Linux patches have destabilized the OS, whereas the same cannot be said for MS.
(Hopefully, the main text will not be truncated) JUNKJUNKJUNKJUNKJUNK

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/82/12712#12712