TEdell@ucdavis.edu (Thomas E Dell) (11/08/88)
In article <5331@medusa.cs.purdue.edu> spaf@cs.purdue (Spafford) writes: >a class action suit could be filed for millions, not $10K. I suspect >that Sun Microsystems will expend a few $100K on this -- not only to >eradicate the worm in their internal network, but they will have the >expense of FedEx'ing copies of patches to all their sites under >maintenance. DEC will have similar costs. Then there is BBN and.... No one other than Sun should be liable for expenses incurred in distributing bug fixes pertaining to security holes, regardless of how the holes were discovered. They ARE there, and they are not present due to fault of any hypothetical Cornell students.. -------- TEdell@ucdavis.edu dell@ames-nas.arpa
weemba@garnet.berkeley.edu (Obnoxious Math Grad Student) (11/08/88)
In article <3259@ucdavis.ucdavis.edu>, TEdell@ucdavis (Thomas E Dell) writes: >In article <5331@medusa.cs.purdue.edu> spaf@cs.purdue (Gene Spafford) writes: >>a class action suit could be filed for millions, not $10K. >No one other than Sun should be liable for expenses incurred in >distributing bug fixes pertaining to security holes, regardless of how >the holes were discovered. By the way: do Sun and other companies *REALLY* want to push for the "site == deep pocket liability" theory of network damage? Something like this could boomerang very very nastily. And you can all quickly bury your fears that security holes or even worries about security holes could someday kill off the ARPANET: fears of lawsuits would more than suffice. Think about it folks: we're all in this together. ucbvax!garnet!weemba Matthew P Wiener/Brahms Gang/Berkeley CA 94720