Reply to post:

Four phone hijack bugs revealed in Internet Explorer after Microsoft misses patch deadline

Shannon Jacobs
Holmes

I agree with you that 120 days is enough time if the companies cared, but since there is NO meaningful liability for any degree of negligence or incompetence (check your EULA), why should they care? EVER. My own belief is that if Microsoft were held to account merely for the direct damages from their failures, they would probably be bankrupt, and if they were accountable for punitive damages for gross failures, then they would surely be gone.

Having said that, I'm not sure a rigid 120 days is the best time limit. I think the time limit should reflect the complexity of the bug in relation to the likelihood of someone else discovering it. What they are doing now is almost like giving out hints, and the main meaning of the 120-day limit is that it indicates the bug is hard to fix. Or possibly that the owner of the bug has evaluated it and decided that it isn't a real threat or that the exploits would be too difficult to implement?
