SEOUL, South Korea — A South Korean consumer group is preparing to file suit against Microsoft Corp. here for damages inflicted during Januarys Slammer SQL worm attack. Peoples Solidarity for Participatory Democracy (PSPD) claims the attack, which crippled the Internet for several days, was facilitated by known flaws in the Microsoft SQL server 2000.
The suit against Microsoft Korea is based on South Koreas year-old Product Liability Act, which allows for compensation for damage from products. The suit will claim that Microsoft is responsible for the Jan. 25 Internet incident because of flaws in its database, as well as by negligence, according to a draft of the court filing.
To prevail in its case, the PSPD will need the court to take a broader view of the product liability law, which does not currently include software as a distinct “object.” Microsoft officials in Korea hit that point in their reaction to the impending litigation. The officials said software should remain exempt from the liability law in order to maintain the robust software development industry in South Korea. Additionally, they said the Slammer incident was caused by malicious hacking, not flaws in SQL Server 2000. “We will not avoid ethical responsibilities,” Microsoft officials added.
Other software developers voiced similar concerns about the suit. “Software is not the product defined in the [Product Liability] Act,” said a representative of a Korean software developer who asked to remain anonymous. “Because it is difficult to determine the criteria and scope of software flaws, it is impossible to apply the law to software.”
“In order to apply the Act to software, the principles and definitions on the specifications like other ordinary products should precede, which is impossible in the software industry,” said a spokesman for Handysoft, a Korean groupware developer and business process management company, worrying that this lawsuit may stymie development of the software industry.
“Even PSPD may not have strong confidence in the suit,” said a software industry insider who asked not to be named. “I hope Microsoft will clearly prove that software can be free from the Act by facing the problem.”
Regardless of the result of the legal action, a new emphasis on quality control has permeated the Korean software industry, including Microsoft Korea, because of the dispute.
The SQL Slammer worm interrupted Internet traffic, e-mail, and even business and banking transactions worldwide. According to analysts, it was the ninth most destructive worm on record, causing nearly $1 billion in damage and lost business.
Most Recent Security Stories:
For more security news, check out Ziff Davis Medias Security Supersite.