At 12:46 19/10/00 -0500, Henry Sieff wrote:
>Sadly, its not yet. As mouss will tell you, no vendor guarrantees the
>capabilities of any product they did not install. If yo installed your
>own Gauntlett box, and there is a breach for whatever reason, you will
>have a hard time pinning that on NAI. Oh, sure, you can ditch them as
>your vendor, but the damage is still done, and you don't exactly have
>much legal recourse.
I fully agree.
Note that even if _they_ install the product, they are not held
responsible. The only thing that they can fear is bad reputation.
if you are a huge corporation that promises to buy 200 firewalls, then they
will be at your knees and do whatever makes you happy, be it good or
not. once you paid and there is no more money to get from you, they go
for other rich people.
now that's what happens to big corporations. imagine what happens to small
companies, and most of the companies are small.
>
>I would be interested in hearing of cases which prove me wrong (ie,
>successful suits with damages awarded to a company for loss caused by
>the failure of a security component).
As Darron said, the license states that the vendor has no responsibility.
This true for software in general, and is understandable. vendors can't be
held responsible for their product. They should be held responsible for its
production, though. and that's the real problem.
The only thing "one" gets from commercial products is to get a "proof"
that his choice is good: the commercial vendor will give him all the arguments
to convince his directors. On the other hand, when one chooses a free
product, people keep turning around waiting for an accident, just to tell him
that he took a bad decision. This is why they used to say "you can't be
fired if you buy from IBM".
cheers,
mouss
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
