Gossamer Forum

Laws to Punish Insecure Software Vendors?

[ source: slashdot.org ]

"An influential body of researchers is calling on the US Government to draft laws that would punish software firms that do not do enough to make their products secure." Yeah that'll work.

http://news.bbc.co.uk/..._1762000/1762261.stm

Ah well - that's the end of Microsoft then.

- wil
Re: [japh] Laws to Punish Insecure Software Vendors? In reply to
So what happens 10 years down the road when the law gets passed and some hacker discovers a huge security hole in OS XX that existed in OS X and probably earlier? Do you let them go free because it sat harmless for 10 years, or put them on trial because they never bothered to fix it?

--Philip
Links 2.0 moderator
Re:Laws to Punish Insecure Software Vendors? In reply to
Lolololololo, let's just clear up some things about OS X.

OS X doesn't need weekly updates like M$.
So far the security problem that was a bit of a concern was in IE by M$.

Let's just remember that OS X ... is a BSD, therefore freeBSD, netBSD, ixBSD .. ???BSD might have similar problems ...

Is the Hubbard guy from ???BSD a bad coder?
That the Mach Kernel is poorly coded?

So my question ... which is better BSD or windows? which has less bugs? which has less security concerns?

--------------------
Philip, I don't see your point. It sat for 10 years harmless ... right ... so sue em from the time it should have been fixed. (ie .... first exploitment + 1-2 weeks).
Outlook has been exploited continuously.
--------------------

Not just Philip now....

Why? Why does M$ get hit so often?

I totally agree with the idea that hackers target M$ because it's the widest used OS but ... Couldn't you also say it's because it's M$ ... and folks just don't like that company!

openoffice + gimp + sketch ... Smile
Re: [QooQ] Re:Laws to Punish Insecure Software Vendors? In reply to
HEY!

Don't bring Windows into this dirty argument! Tongue
Re: [RedRum] Re:Laws to Punish Insecure Software Vendors? In reply to
Angelic

they'll be the ones paying the most money if this law comes into effect!

openoffice + gimp + sketch ... Smile
Re: [QooQ] Re:Laws to Punish Insecure Software Vendors? In reply to
I really don't get all these people who hate Microsoft. If you don't like them, don't buy their products and stop whining (not you QooQ).

Why do you think they are still making billions?...It's because all these hypocrites who claim to hate Microsoft and their products, still go out and buy the damn software.

DUH!
Re: [QooQ] Re:Laws to Punish Insecure Software Vendors? In reply to
Quote:
OS X doesn't need weekly updates like M$.
That's bull. MS posts updates frequently, and very few of the "critical updates" are that critical to your system. My copy of Win2k has run flawlessly without any updates since I installed it in August.
Quote:
Is the Hubbard guy from ???BSD a bad coder?
That the Mach Kernel is poorly coded?

Did I say they were? NO. That's irrelevant.

Quote:
So my question ... which is better BSD or windows? which has less bugs? which has less security concerns?

Personally, I like Windows.... but I haven't had significant experience with BSD to form a valid opinion. I do know that far too many people are obsessed with picking MS software apart to exploit every bug, so naturally, more people are concerned with MS than any other OS.

Quote:
Philip, I don't see your point. It sat for 10 years harmless ... right ... so sue em from the time it should have been fixed. (ie .... first exploitment + 1-2 weeks).


That's exactly the response I was looking for. To me, that reads "Throw the book at MS but slap Apple's hand if there's an issue because MS has a bad rap and Apple doesn't." Why is that? More people obsess with exploiting MS than Apple, so naturally, even if both companies have the exact same security issues, it will take longer to find in Apple. That does not make Apple any better than MS. Under a "guaranteed security in software" law, both companies should receive equal punishment, unless the company knowingly does not make adequate steps to correct the problem in subsequent releases of their software...

If it makes you happy, my next pc will be a mac. Sly

--Philip
Links 2.0 moderator
Re: [ThatPerson1024] Re:Laws to Punish Insecure Software Vendors? In reply to
Quote:
If it makes you happy, my next pc will be a mac. Sly

Thinking about the OSs out there ... I still personally believe when it comes down to it ... it all depends ... on which environment allows you to be the most productive.

openoffice + gimp + sketch ... Smile
Re: [japh] Laws to Punish Insecure Software Vendors? In reply to
You also have to consider that there is probably 100 times more people looking for bugs in Microsoft products to ruin its reputation. I'm sure if they put as much effort into *nix or Mac they would find a lot of bugs as well.
Cheers,
Michael Bray
Re: [Michael_Bray] Laws to Punish Insecure Software Vendors? In reply to
http://www.securitybugware.org/Linux/
Re: [Michael_Bray] Laws to Punish Insecure Software Vendors? In reply to
In Reply To:
You also have to consider that there is probably 100 times more people looking for bugs in Microsoft products to ruin its reputation. I'm sure if they put as much effort into *nix or Mac they would find a lot of bugs as well.

No. Linux was written by hackers, including Lincoln Stein who has set the standard for Web Security. Hackers tend to know what other hackers will look for.

And with a billion people (theoretically) with access to the source code, it's far more likely that people will spot and fix bugs.

With a closed code environment like MS, less people are there to track bugs. So they send them out to a select few beta testers. I've met a few of these, and most of them are just about able to use a mouse. They'll never find bugs in the core of the operating system. Maybe they'll find a typo or two but nothing critical.

And then with a commercial environment like MS, there's that pressure to get the product out - hit deadlines and so forth. Programmers are pushed, and will make errors. In a more lazy-fare environment like over usenet, FTP or whatever distribution method Linux hackers use, they tend to have more time (years if needed) to ponder over problems and ask advice off a 1000 people instantly. You get my drift ~.

- wil
Re: [RedRum] Re:Laws to Punish Insecure Software Vendors? In reply to
In Reply To:
Why do you think they are still making billions?...Its because all these hypocrites who claim to hate Microsoft and their products, still go out and buy the damn software.

I thought you were studying business? - it ain't as easy as that. You try and explain to your immediate manager why he should scrap the heap of Microsoft software they have on n number of machines, go the Linux alternatives and then re-train all their staff to be comfortable with software they have used for years. Not likely to happen.

Why do you think that people are crying foul with the huge market share Microsoft enjoy? It's impossible for anyone to break into the market. Microsoft has been the standard on home PC users for years. The cost of re-training staff in an organisation to switch to Linux would be too great.

This doesn't mean that Microsoft is the better operating system, nor that we are all hypocrites. We're just stuck in a Microsoft-rules industry, that is proving very difficult to break out of the mold. I strongly believe that Microsoft is not the best for my office, which is why I have asked the assembly for a grant to train our staff so that we can finally part ways - permanently.

- wil
Post deleted by RedRum In reply to

Last edited by: RedRum: Jan 17, 2002, 1:42 AM
Re: [RedRum] Laws to Punish Insecure Software Vendors? In reply to
Yep... Win98.

- wil
Re: [japh] Laws to Punish Insecure Software Vendors? In reply to
So it seems that the bugs are the fault of people like you then (so you claim), seeing as you beta tested and beta testers >>are just about able to use a mouse<<

It's a big circle of irony.

You should probably think about your argument Smile

Last edited by: RedRum: Jan 17, 2002, 2:01 AM
Re: [RedRum] Laws to Punish Insecure Software Vendors? In reply to
No. I beta tested for a different reason - to see how we could deploy the new OS into our business. I was not looking for any bugs, nor did I care about this side of it.

Which brings me to the exact point I'm making. Microsoft chooses to send these out to beta testers - anyone can be one, just sign up at the web site. But these people ain't interested in looking for security holes. They are far more interested in the looks of it, for magazine reviews, maybe competitors, or people who are simply bored.

Do you understand what I'm saying? Their beta testing policy is all wrong, so it's no wonder that the major security holes keep popping up every two to three days.

- wil

Last edited by: japh: Jan 17, 2002, 2:02 AM
Re: [japh] Laws to Punish Insecure Software Vendors? In reply to
>>so it's no wonder that the major security holes keep popping up every two to three days. <<

major bug report every 2-3 days?

Boy you are hallucinating.

Think I'll go back to bed.