Readers Respond: Security: The Right to Know

Readers respond to the eWEEK editorial, "Security: The Right to Know."

Although I agree with your conclusions concerning vendors' responsibility to reveal security flaws in their products, contract extensions are both unlikely and would complicate vendor/client relationships (Editorial, "The Right to Know," Aug. 15). Such terms would have to be painstakingly detailed, delaying sales and deployments alike.

I fear the ultimate solution will be litigation, specifically against vendors that knowingly conceal security defects without also providing a prompt resolution. Cisco's recent attempts to squelch third-party disclosures of security flaws make it a prime candidate should a customer encounter a breach via a Cisco router. It's a shame we cannot retroactively litigate against Microsoft.

Guy Smith
Silicon Strategies Marketing
Alameda, Calif.

Companies should be sued in court for not reporting all of the vulnerabilities in their hardware and software. The general public should be notified at the same time because people's identities have been stolen and their credit has been ruined—and in some cases, their lives have been ruined.

Philip Long