[Dshield] Microsoft patches

Ed Truitt ed.truitt at etee2k.net
Tue Oct 21 12:17:03 GMT 2003


On Mon, Oct 20, 2003 at 11:09:34PM -0500, Doug White wrote:
> Just for the sake of discussion, exactly what is Microsoft's obligation to patch
> anything at all?

I think it's called "the fiduciary responsibility to the shareholders."  If MSFT made the decision NOT to provide patches (especially security-related patches), I think 2 things would happen:

1) Their customers would migrate to an OS that DID provide such patches (Unix, Linux, FreeBSD, NetWare, etc...)

2) Their cash reserves would be bled dry in a wave of product liability lawsuits (all it would take is one to shred the shrink-wrap license agreement, then the flood would hit.)  And, even if the license agreement held, it protects MSFT from the person running the software - not those of us who aren't.

-- 
<==============================================================>
Edward D. (Ed) Truitt
email:  ed.truitt at etee2k.net      
http://www.etee2k.net 
"Note to spammers: my 'delete' key is connected to YOUR ISP. 
Also, if you send me UCE, I reserve the right to post your spew 
on my Web site, with the appropriate color commentary, so that 
others may have a good laugh at your expense."




More information about the list mailing list