15 Feb
2001
15 Feb
'01
5:54 p.m.
I got into an interesting conversation today. Here's the question: if a vendor rolls out a net-enabled product that features a crypto- secured interface, what kind of liability do they face if the interface security is breached? In particular, we were discussing machine controls and the recent incident where it was discovered that one manufacturer was fielding a GPIB control card with TCP/IP Ethernet and no security at all. If a net-connected and secured machine were hacked and death or personal injury resulted, does that make the manufacturer an accessory to manslaughter? Would having a provably good (or provably bad) security layer mitigate this? -- Roy M. Silvernail Proprietor, scytale.com roy@scytale.com