On Dec 27, 2005, at 5:03 AM, Steven M. Bellovin wrote:
In message <80632326218FE74899BDD48BB836421A03300F@Dul1wnexmb04.vcorp.ad.vrsn.c om>, "Hannigan, Martin" writes:
In the general sense, possibly, but where there are lawyers there is = always discoragement.
Suing people with no money is easy, but it does stop them from = contributing in most cases. There are always a few who like getting = sued. RIAA has shown companies will widescale sue so your argument is = suspect, IMO..
I've spent a *lot* of time talking to lawyers about this. In fact, a few years ago I (together with an attorney I know) tried to organize a "moot court" liability trial of a major vendor for a security flaw. (It ended up being a conference on the issue.)
The reason there have not been any lawsuits against vendors is because of license agreements -- every software license I've ever read, including the GPL, disclaims all warranties, liability, etc. It's not clear to me that that would stand up with a consumer plaintiff, as opposed to a business; that hasn't been litigated. I tried to get around that problem for the moot court by looking at third parties who were injured by a problem in a software package they hadn't licensed -- think Slammer, for example, which took out the Internet for everyone.
There have been successful cases for pedestrians that used a train trestle as a walk-way, where warnings were clearly displayed, and a fence had been put in place, but the railroad failed to ensure repair of the fence. The warning sign was not considered adequate. Would this relate to trespassers that use an invalid copy of an OS refused patches? Would this be similar to not repairing the fence? Clearly the pedestrians are trespassing, nevertheless the railroad remains responsible for the safety of their enterprise. -Doug