Tuesday, January 10, 2006

2006-01-09

Software Liability Laws from an Alternate Universe...

I wrote this nearly one year ago, and decided not to post at the time. In light of recent events, including the refusal of a Breath-a-lyzer appliance manufacturer to provide source code as required by law, I will now step out on a limb, probably really annoy some people, maybe everyone, and post...

Steven

The ten alternate by-laws:

1. If your operating system can neither detect nor prevent a bad guy from running his program on your computer, it is badly written, and you've purchased defective software.

2. If operating system software requires monthly patches in order to correct security issues identified by former (and current) bad guys, you've purchased defective software.

3. If operating system software contains no native anti-virus or other malware prevention features in its fourth or fifth iteration in fifteen or twenty years, you've purchased defective software.

4. Talking about trustworthy computing at trade shows does not make defective software non-defective. Or trustworthy.

5. If operating system software is designed so that popular anti-virus and anti-malware programs can't be installed without crashing the operating system, you've purchased defective software.

6. Grafting an internet browser to an operating system is like grafting a leg onto your head.

7. Creating an impression that walking around with a leg grafted onto your head makes you run better does not make you run better.

8. If an operating system is defective and subject to an exploit on a computer at home, it is more than likely to be equally defective and subject to the same exploit when ported to a mobile device.

9. Case hardening defective operating system software in a FIPS enclosure does not make the operating system software non-defective, but it probably does a great job at protecting defective software.

10. A thirty day programming hiatus is never sufficient to correct security vulnerabilities in various operating systems containing millions of lines of code.