Who is to blame?

by Anton Chuvakin

Related link: http://ptech.wsj.com/archive/ptech-20040311.html

These two articles show a radical and fun difference of opinion on the controversial subject of "who to blame for security problems?". Vendor should take care of it, says the WSJ article and goes on to say "They [i.e. technology vendors] would rather dump the security mess in the laps of users than solve it at the level where a solution really belongs: in the operating system, or the hardware, or the online provider's servers." Users can't blame the vendors, says CW article, the users are the ones ultimately responsible. The customer "was going to be held responsible for the failure of its vendor" in a recent law suit.

I'd love to have the following poll for as broad an audience as possible:

Who is to blame for current security problems?

  • Technology users

  • Technology vendors

  • Malicious hackers

  • Somebody else

Anybody want to host it?