Comments on: Does anyone really know how much information was lost by TJX? http://www.bloggernews.net/111533 High-quality English language analysis and editorial writing on the news. Fri, 10 Oct 2008 19:37:34 +0000 http://wordpress.org/?v=2.3.3 By: Kevin Coleman http://www.bloggernews.net/111533#comment-143454 Kevin Coleman Mon, 03 Dec 2007 18:45:41 +0000 http://www.bloggernews.net/111533#comment-143454 There are two critical issues at play here. The first is that not all breaches are reported or disclosed. I know of one instance where a “bot” was attached to a data base and sent our competitive information to a proxy server outside the country. Security experts were called in and when the full extent of the issue was known they were informed of their requirement to disclose the event. The CIO cancelled their contract immediately and reminded them of their Non-Disclosure Agreement. Complete disclosure is needed but we are far from that. The second issue is in product liability for software companies. It is next to impossible to successfully litigate against a faulty software product. Some how these organization have become all but immune from product liability issues. Why is this product different from all the others. Could it be we as software consumers have become trained to accept software glitches and flaws. Face it, how would we feel if we had to stop and reboot our cars! There are two critical issues at play here. The first is that not all breaches are reported or disclosed. I know of one instance where a “bot” was attached to a data base and sent our competitive information to a proxy server outside the country. Security experts were called in and when the full extent of the issue was known they were informed of their requirement to disclose the event. The CIO cancelled their contract immediately and reminded them of their Non-Disclosure Agreement. Complete disclosure is needed but we are far from that. The second issue is in product liability for software companies. It is next to impossible to successfully litigate against a faulty software product. Some how these organization have become all but immune from product liability issues. Why is this product different from all the others. Could it be we as software consumers have become trained to accept software glitches and flaws. Face it, how would we feel if we had to stop and reboot our cars!

]]>