Xref: utzoo gnu.misc.discuss:3285 comp.org.eff.talk:2482 Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!uunet!wuarchive!psuvax1!ukma!memstvx1!utkcs2!ornl.gov!de5 From: de5@ornl.gov (Dave Sill) Newsgroups: gnu.misc.discuss,comp.org.eff.talk Subject: Re: Software vendor liability/culpability Message-ID: <1991May31.132152.10113@cs.utk.edu> Date: 31 May 91 13:21:52 GMT References: <1991May31.073704.4847@elroy.jpl.nasa.gov> Sender: usenet@cs.utk.edu (USENET News Poster) Reply-To: Dave Sill Organization: Oak Ridge National Laboratory Lines: 23 In article <1991May31.073704.4847@elroy.jpl.nasa.gov>, earle@elroy.jpl.nasa.gov (Greg Earle (Sun Software)) writes: > >The bottom line: in such a circumstance, is company XYZ liable for damages >caused as a direct/indirect result of the security hole opened due to the >installation of their product? Yes, unless they have taken reasonable action to notify the installer of potentially harmful side effects. >Or is it a case of "If you don't read the >installation script of all products you install, then you get what >you deserve" >for the sys admin of the cracker system? In general, is a software vendor >liable/responsible for anything deletirious that occurs as a byproduct of the >installation of their product(s) on a customer's machine? Yes, if the vendor provides a script or installation instructions, they're responsible for making resonably sure that they're safe. -- Dave Sill (de5@ornl.gov) It will be a great day when our schools have Martin Marietta Energy Systems all the money they need and the Air Force Workstation Support has to hold a bake sale to buy a new bomber.