On Wed, Nov 14, 2012 at 3:43 AM, Georgi Guninski <gunin...@guninski.com> wrote:
> On Tue, Nov 13, 2012 at 05:47:28PM -0500, Jeffrey Walton wrote:
>> On Tue, Nov 13, 2012 at 4:56 PM, Thierry Zoller <thie...@zoller.lu> wrote:
>> >
>> > RANT
>> > ----
>> > The world of mobile applications appears to have become one where
>> > vulnerability disclosure and awareness are not necessary. Until there
>> > are fully automated updates and refusal of service for outdated
>> > applications I see the need for disclosure.
>> Mobile is a step backwards in software security (back to about the
>> mid-1990s) due to patching. Or more correctly, lack thereof. I've been
>> bitching about it for years.
>>
>> I'm convinced the only way to fix it is through legislation and
>> software liability laws. Waiting for companies to "do the right
>> thing"
>
> liability laws might kill a lot of OSS warez as a side effect.

Perhaps. I believe it will improve those that remain (survival of the
fittest?). Folks like Google and Red Hat might have to take a proactive
approach to limit their liability. It might hurt folks like Dan Rosenberg,
who make their careers out of finding Comp Sci 101 bugs in the kernel.
(Nothing against Dan - he does a great job).

> btw, m$ lusers agree to "CLASS ACTION WAIVER":
> http://windows.microsoft.com/en-US/windows-live/microsoft-services-agreement
>
> ==============
> IF YOU LIVE IN THE UNITED STATES, SECTION 10 CONTAINS A BINDING ARBITRATION
> CLAUSE AND CLASS ACTION WAIVER. IT AFFECTS YOUR RIGHTS ABOUT HOW TO RESOLVE
> ANY DISPUTE WITH MICROSOFT. PLEASE READ IT.
> 10.4. Class action waiver. Any proceedings to resolve or litigate any dispute
> in any forum will be conducted solely on an individual basis. Neither you nor
> Microsoft will seek to have any dispute heard as a class action or in any
> other proceeding in which either party acts or proposes to act in a
> representative capacity. No arbitration or proceeding will be combined with
> another without the prior written consent of all parties to all affected
> arbitrations or proceedings.
> ===============

It's not just Microsoft. The courts (in the US) are starting to limit
those obscene Terms of Service.
http://www.topclassactions.com/lawsuit-settlements/lawsuit-news/2633-zapposcom-loses-arbitration-bid-in-data-breach-class-action-lawsuit.

It's another legal absurdity to me: you are given a protection, then
corporate America tries to get you to waive it. I guess that's why my
undergrad and grad degrees are computer science and not law.

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/