
Re: [Full-Disclosure] AV companies better hire good lawyers soon.



On Tue, Sep 14, 2004 at 10:40:17AM +0200, Jean Gruneberg wrote:
> Yes, I agree - but then don't bitch if the other software (be it AV or any
> other software) does not work or breaks your software.  Surely it is the
> writer's responsibility that the software is compatible with other stuff. Bit
> like reading your writing and making sure it isn't offensive to certain
> groups to people!
> 
In general, yes, it's an author's responsibility to make sure his stuff is 
compatible with other stuff out there - when it's released.  But that works 
both ways.  If my program works fine with yours, but your new version breaks my 
program, whose fault is it?  Is it mine for not updating to keep up with your 
new version?  Or is it yours for not being compatible with the existing version 
of mine?  To quote you here: "Surely it is the writer's responsibility that the 
software is compatible with other stuff."  So, here, it was your fault for 
breaking my program.  Or, maybe "you" (I'm using the generic you/me here, 
obviously) don't care that your new version breaks anyone else's code?

Vicious circle.

In the specific case here, with the AV vendor, it was clearly the AV software 
that released an update that broke someone else's software.

Making it the other guy's fault doesn't wash.  It's more bad QC on the AV 
vendor's part.  But as you mentioned previously, they'll get pounced if some 
0day gets past them and some clown loses his data.  It's a thankless task.  But 
it's _far_ more reasonable for them to err on the side of "Physician, do no 
harm" and miss the first day of an outbreak than it is for them to rush out and 
-break existing programs- because they were in such a hurry to "Be first to 
recognize ScatMaster@xxxxxx!!"

As for writing, the analogy doesn't really apply.  Writing is subjective, and 
it's impossible to be 100% inoffensive and still say anything.  Software, in 
this context, is objective.  It either plays nice, or it doesn't.

But we're straying a bit far from fully disclosing anything in this thread, so 
I bid you adieu.

Cheers,
L4J
> J2
> 
> -----Original Message-----
> From: full-disclosure-admin@xxxxxxxxxxxxxxxx
> [mailto:full-disclosure-admin@xxxxxxxxxxxxxxxx] On Behalf Of Florian Weimer
> Sent: 14 September 2004 09:26
> To: Micheal Espinola Jr
> Cc: full-disclosure@xxxxxxxxxxxxxxxx
> Subject: Re: [Full-Disclosure] AV companies better hire good lawyers soon.
> 
> 
> * Micheal Espinola, Jr.:
> 
> > I disagree.  Programmers should know to submit their code to the 
> > various AV companies in order to avoid false-positives.
> 
> This is a ridiculous proposition.  It's like suggesting that you have to
> submit your writings to the Department of Justice before you can exercise
> your free speech rights.
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html