From: <alex@yuriev.com>
unprotected are). For example, have a machine that had been broken into and used to attack a company which lost $5M because of that attack, make whoever owns the machine was broken into pay $5M + attorney frees + punitive damages. Suddently, the unprotected (for whatever the definition of unprotected is) networks disappear either due to the bankruptcy of the owner or because it becomes cheaper for the owner to maintain those unprotected networks rather than face monetary penalties.
So, if I'm reading this right, user of Vendor L doesn't like Vendor M. Instead of attacking Vendor M's software, the user just needs to make sure Vendor M's corporate servers get infected and cause enough damage to run Vendor M into bankruptcy from the resulting law suits? What about the small mom and pop shop? Will you watch as an old family business is run into the ground because someone didn't advise them properly on handling security? There is such a thing as making penalties too stiff. Many good businesses would be afraid to participate. Oh, wait. Never mind. They'd have Internet Vulnerability insurance. Jack Bates BrightNet Oklahoma