16 Jan
2016
16 Jan
'16
9:48 p.m.
On Sat, 16 Jan 2016 11:09:27 -0800, Owen DeLong said:
Making the owner of the host responsible for an attack -personally- responsible would require every grandma & 6 year old to have insurance before buying a laptop or Xbox. And would bankrupt your favorite startup no matter how smart & competent the first time a zero-day caught them by surprise.
Agreed… I think, instead, that the commercial purveyors of vulnerable software should be held liable.
And this is another one that needs *really* careful definitions. How much time does Redhat get to patch a bug in (say) OpenSSH or the kernel or any other package from upstream, before you want to hold them liable?