Law suit for OS security breaches?
Posted by Arctic Wolf on October 8th, 2003


As most of you may already know,... Microsoft is being sued for security
breaches in Windows OS. These "deep-pocket" law suits can last years
and years, and the result is impossible to predict.
How about Linux? Or xBSD for that matter? Who can be sued for Linux?
Not the contributors, because the volunteer software writers have no
money. Can a distributor like Red Hat be sued, if Linux is found to
have security breaches?

--
email: SpamShield-ArcticWolf@mail.com
To send me email, please remove "SpamShield-" from the email. Thanks.

Posted by Mark Taylor on October 8th, 2003


Arctic Wolf <SpamShield-ArcticWolf@mail.com> wrote in
news:blvilb$goukb$2@ID-184215.news.uni-berlin.de:

I think the GNU Public License addresses that issue, at least to some
extent.

As for MS or any other "manufacturer", they should be held to the same
standards of any other product manufacturer. It's unlikely that EVERYONE
that uses a MS OS will incur some personal injury, but in some applications
it is possible. As long as MS (or whoever) acts responsibly in offering
updates and patches in a timely manner no suit for (non personal
injury) damages will survive.


Just my $0.02




Posted by Raj Rijhwani on October 8th, 2003


On Tuesday, in article
<blvilb$goukb$2@ID-184215.news.uni-berlin.de>
SpamShield-ArcticWolf@mail.com "Arctic Wolf" wrote:

Surely M$ can only be sued because they are licensing a product for
profit, which implies a guarantee of serviceability for the product. The
linux kernel isn't.

Usual disclaimers stand.
--
Raj Rijhwani | This is the voice of the Mysterons...
raj@rijhwani.org | ... We know that you can hear us Earthmen
http://www.rijhwani.org/raj/ | "Lieutenant Green: Launch all Angels!"

Posted by Kingbarry2000 on October 8th, 2003



"Raj Rijhwani" <raj@rijhwani.org> wrote in message
news:20031008.0100.2410snz@rijhwani.org...
Ah. So Linux is a toy.
Silly boy.
If suit stands, all connected to Linux will be sued.



Posted by Marc Nadeau on October 8th, 2003


Raj Rijhwani wrote:

Selling an OS is somewhat different than selling a product, it's selling a
_service_ .

If you download a free distribution (free as in gratis) for sure you can't
sue anybody if something goes wrong.

Otherwise, if you buy a business oriented distribution what you're paying
for is confidence not the product which you could get for free from
somewhere else.

So I think that in certain circumstances the distributor could be held
responsible for some damage if it occurs that the damage was caused by a
not very neat or defective distribution.

Some will prefer to sue the consultant that recommended the distribution.

I do not think that happens very often because it would be the end for
Microsoft. Who would recommend one of its "OSes" or any MS software?


--
Marc Nadeau
La Pagerie
http://www.pagerie.com

Posted by Ed Murphy on October 8th, 2003


On Wed, 08 Oct 2003 02:50:56 +0000, Kingbarry2000 wrote:

This troll popped up in alt.callahans several weeks ago. Ignore him
and he'll go away in due course.


Posted by Michael Heiming on October 8th, 2003


Arctic Wolf <SpamShield-ArcticWolf@mail.com> wrote:
IMHO not, the GPL doesn't allow that.

But then it doesn't really matter, if a security hole is found, you
can be sure it will be fixed faster than anyone can fill out a lawsuit...

If you're too dumb to update the offending package, it's your problem.

At least you can fix it yourself, you have the source.


--
Michael Heiming

Remove +SIGNS and www. if you expect an answer, sorry for
inconvenience, but I get tons of SPAM

Posted by Bill Unruh on October 8th, 2003


raj@rijhwani.org (Raj Rijhwani) writes:

]On Tuesday, in article
] <blvilb$goukb$2@ID-184215.news.uni-berlin.de>
] SpamShield-ArcticWolf@mail.com "Arctic Wolf" wrote:

]> As most of you may already know,... Microsoft is being sued for security
]> breaches in Windows OS. These "deep-pocket" law suits can last years
]> and years, and the result is impossible to predict.
]> How about Linux? Or xBSD for that matter? Who can be sued for Linux?
]> Not the contributors, because the volunteer software writers have no
]> money. Can a distributor like Red Hat be sued, if Linux is found to
]> have security breaches?

]Surely M$ can only be sued because they are licensing a product for
]profit, which implies a guarantee of serviceability for the product. The
]linux kernel isn't.

It would be nice to see the law of torts extended to software.
Re Linux, I suspect that it is difficult. If you did not buy the
software, then there is no contract between you and the vendor (as I
understand it a contract requires the exchange of benefits). The
licensing is irrelevant. However maybe something like "attractive
nuisance" could be used (as in when your neighbour sneaks into your
swimming pool and drowns, you could be sued under the claim that you did
not do enough to protect your neighbour from the foreseeable dangers of
your pool.) If you did buy it, then there may well be a
contract, and you could claim that you had been damaged by the vendor's
goods.
(Note I am not a lawyer, so don't base your actions on my musings)

Posted by Geoff Lane on October 8th, 2003


Raj Rijhwani <raj@rijhwani.org> wrote:
From what I read, the case is more along the lines of producing a product
that is "insecure by design".

The endless stream of security problems centred on IE and HTML are not due
to bugs, but rather the use of a design policy that starts with a totally
unprotected design and then plugs each problem as it is discovered.

--
Geoff Lane
The use of unnecessary violence in the apprehension of the Blues Brothers
has been approved.

Posted by David L. Johnson on October 8th, 2003


On Wed, 08 Oct 2003 05:09:40 +0000, Marc Nadeau wrote:

Not really. It's very much like selling a book, or music or a movie.
MS tries very hard to have what it sells be considered as something
other than a sale of merchandise, in order to shield against exactly
this sort of suit. But
it's bogus. They say you are only "licensing" the product -- or more
likely "sublicensing" from the computer dealer who installed the software
on the machine. That way you are supposedly bound to whatever agreements
they slip in the package that you bought, and they have no responsibility
for selling you a defective product. Great for them, sucks for their
customers.

--

David L. Johnson

__o | What is objectionable, and what is dangerous about extremists is
_`\(,_ | not that they are extreme, but that they are intolerant.
(_)/ (_) | --Robert F. Kennedy



Posted by Raj Rijhwani on October 9th, 2003


On Wednesday, in article <kYKgb.44068$pl3.9951@pd7tw3no>
kingbarrypublic@hotmail.com "Kingbarry2000" wrote:

I didn't say that. Where does "not for profit" become "is a toy"? I
simply stated my understanding that there is no commercially implied
guarantee of serviceability.

If all you can say is "yadda yadda boo", in a roundabout way, why say
it?
--
Raj Rijhwani | This is the voice of the Mysterons...
raj@rijhwani.org | ... We know that you can hear us Earthmen
http://www.rijhwani.org/raj/ | "Lieutenant Green: Launch all Angels!"

Posted by Raj Rijhwani on October 9th, 2003


On Wednesday, in article
<bm0m75$3l5$1@string.physics.ubc.ca>
unruh@string.physics.ubc.ca "Bill Unruh" wrote:

...only in America. I don't think that would stand anywhere else in the
world. I'm pretty sure it wouldn't apply here in the UK. Over here the
response, if it was anything other than a young child, would probably
be "serves the silly bugger right". If it were a child or anyone not
mentally competent it would be a tragedy, but I very much doubt
anyone would be held liable. Needless to say a public pool would
be a different matter, of course, but I don't see how that twist would
apply to something like a Linux installation.

But when you buy a Linux distribution you are not buying the content
of the disks (for the most part). You are explicitly not buying the core
linux and GNU support apps/utilities. You are paying for the distribution
service, the accompanying documentation, the tech support service, etc.
It's hard to see how any liability could be attached to the vendor or the
distributor.

Now, if you employed a consultant to perform an installation, and they
didn't account for publicly known vulnerabilities that they could
reasonably be expected to have known about in their professional capacity
*at the time of installation* then that consultant might be at risk of suit
on the grounds of negligence. I can see how that might be reasonable.
Other than that, though, I can't see it.

Ditt-very-o.
--
Raj Rijhwani | This is the voice of the Mysterons...
raj@rijhwani.org | ... We know that you can hear us Earthmen
http://www.rijhwani.org/raj/ | "Lieutenant Green: Launch all Angels!"

Posted by John Hasler on October 9th, 2003


Bill Unruh writes:
Assuming your neighbor is five years old and your pool unfenced, near your
property line, and visible from off your property. Even so, the kid's
parents are likely to be held partly liable.

Raj Rijhwani writes:
Perhaps the rest of the world could learn something.

Attractive nuisance law would not apply to software in the US either.

Attractive nuisance law only applies to young children and other
noncompetents. It's really quite a simple straightforward concept.

You are buying copies of the software.
--
John Hasler
john@dhh.gt.org
Dancing Horse Hill
Elmwood, Wisconsin