The discussion at http://discuss.joelonsoftware.com/default.asp?joel.3.75691.30
(titled “Excuse me: you are unsecure”) illustrates the situation in a country where people do not understand the difference between breaking mechanical locks and breaking into computers or Web sites.

I have said it in the past and I am reiterating the point.

A burglar can break only one physical lock at a time. Therefore vulnerabilities in locks have a built-in limit on the possible damage to society. Working societies do not have enough burglars to exploit the vulnerabilities in locks. Existing laws are also adequate to deal with those who choose the career of burglar.

On the other hand, a vulnerability in a widely used software package can cause millions of computers to be broken into with a single sequence of keystrokes, once the hacker has figured out how to exploit the vulnerability. Therefore, vulnerabilities in software have no built-in limit on the possible damage to society. Therefore, liability must be assigned to software vendors who leave vulnerabilities unpatched, rather than to hackers.
