Why isn't there criminal prosecution for the managers of companies that leave vulnerabilities unpatched?
As far as I can tell, they are directly acting to help the activities of criminals and organized crime all around the world.
Oh, and maybe they should be forced to pay a reparation of $100k at least (or an equal share of their assets after they declare bankruptcy due to this) for every person they intentionally put in danger of getting all their personal data stolen and/or destroyed.
Posted Aug 30, 2012 18:10 UTC (Thu) by pr1268 (subscriber, #24648)
> Why isn't there criminal prosecution for the managers of companies that leave vulnerabilities unpatched?
Negligence can be a crime, but ignorance and stupidity aren't. At least not yet. Many PHBs simply pull the wool over their eyes and pretend their company/organization couldn't possibly be the target of maliciousness. Sigh.
The new Java 0Day examined (The H)
Posted Aug 30, 2012 19:19 UTC (Thu) by mpr22 (subscriber, #60784)
> Why isn't there criminal prosecution for the managers of companies that leave vulnerabilities unpatched?
You're invited to suggest answers to the following questions:
Which managers do you charge?
What actual offence do you charge them with?
How do you prove it beyond reasonable doubt in a court of law?
The new Java 0Day examined (The H)
Posted Aug 30, 2012 20:30 UTC (Thu) by richmoore (subscriber, #53133)
Don't forget:
What did you pay for it?
If there's no payment or contract, then I don't see how you'd have any legal recourse anyway.
The new Java 0Day examined (The H)
Posted Aug 30, 2012 20:48 UTC (Thu) by mpr22 (subscriber, #60784)
Not paying anything might cover civil liability, but criminal liability's another kettle of fish.
The new Java 0Day examined (The H)
Posted Aug 31, 2012 14:17 UTC (Fri) by drag (subscriber, #31333)
> Why isn't there criminal prosecution for the managers of companies that leave vulnerabilities unpatched?
Because that would be a damn stupid thing to do.
> As far as I can tell, they are directly acting to help the activities of criminals and organized crime all around the world.
So do roads and airports, but nobody is trying to prosecute them.
> Oh, and maybe they should be forced to pay a reparation of $100k at least (or an equal share of their assets after they declare bankruptcy due to this) for every person they intentionally put in danger of getting all their personal data stolen and/or destroyed.
Or you could just take responsibility for your own life and not use shitty software.
The new Java 0Day examined (The H)
Posted Sep 2, 2012 1:30 UTC (Sun) by gmaxwell (subscriber, #30048)
> Or you could just take responsibility for your own life and not use shitty software.
Meh. Everything else you said was great— but software, certainly closed source binary software, is something of a lemon market. The authors may know that the software was rushed, untested, and shoddy, but the users can only tell after the fact. It's not right to blame the victims, even if it also isn't right to hold the perpetrators accountable.
Perhaps it might be more realistic to establish disclosure requirements— thus delemoning the market and reducing the incentives to be dishonest about your poor software quality— than it would be to make people responsible for unreliable and poorly maintained code?
The new Java 0Day examined (The H)
Posted Sep 7, 2012 10:23 UTC (Fri) by ortalo (subscriber, #4654)
Do you remember the license agreement you clicked through for Java? (By the way, even for paid-for software, I guess a similar answer would be applicable.)
The "culprit" will be the one who tries to exploit (maybe even the one who finds/talks about it), not the one that leaves everything exploitable.
For me, this situation is not satisfying; however, Very Serious People usually think it is.