
Re: Debian Investigation Report after Server Compromises



* Paul Johnson (baloo@ursine.ca) [031202 23:01]:
> On Tue, Dec 02, 2003 at 04:11:33PM -0500, Paul Morgan wrote:
> > There is always a conflict between security and openness.  MS's approach
> > has always been not to say anything until a fix has been propagated;  they
> > are often criticized for that, but I'm sure they'd be deluged in lawsuits
> > from compromised system owners if they advertised the exploit to bad guys
> > before they had a fix.
> 
> Microsoft could easily sidestep those by pointing to their EULA: You
> agree not to sue them due to faults in their software.

Sidestepping lawsuits from a million angry customers isn't really a
"win".  They are, after all, a business -- one with customers, no less.
The way to keep your customers paying for upgrades isn't to piss them
off and then hide behind your EULA; it's to keep your customers happy.
If their customers can hear about a problem only when it's been fixed,
it makes Microsoft look like the good guys: "Hey, by the way, we fixed
this problem you didn't even know about."  If there's an exploit in the
wild before a fix is available, the PHBs hear it on the local news
first, which is not good.  It's not about lawsuits, it's just simple
business sense -- you have to keep your customers happy.

good times,
Vineet
-- 
http://www.doorstop.net/
-- 
One nation, indivisible, with equality, liberty, and justice for all.
