[Dad2Angels]

I would disagree with your analogy also.

I can take steps to protect my car by locking the doors, placing it in my garage, using an alarm system, etc and admittedly many don't take these obvious steps and that's their problem.

However, if the manufacturer sends it's cars out of the factory with so many vulnerabilities that an industry is created that does nothing else but research into where those vulnerabilities are and development of products to protect against those vulnerabilities, I'd say the SW vendors are neglecting to do due diligence during the development and testing of their products.

In the end there is more than enough blame to go around on this topic. But your seeming refusal to place any of the responsibility on the SW vendors is shortsighted and can only lead me to one conclusion.

You are somehow involved in the SW industry, most likely the development end somewhere.

[Bush2000]

I would disagree with your analogy also.

Of course you do. You're disagreeable.

I can take steps to protect my car by locking the doors, placing it in my garage, using an alarm system, etc and admittedly many don't take these obvious steps and that's their problem.

That's precisely what I'm talking about! Those "steps" are analogous to "rational implementation of security policy"! Nobody ever claimed that the car was break-in-proof. But you [unrealistically] expect it to be when you blame GM or Ford or whoever made it.

However, if the manufacturer sends it's cars out of the factory with so many vulnerabilities that an industry is created that does nothing else but research into where those vulnerabilities are and development of products to protect against those vulnerabilities, I'd say the SW vendors are neglecting to do due diligence during the development and testing of their products.

Consider it this way. If a thief spends his entire day thinking of ways to break into your car, there's very little that you can do to prevent him from doing so -- other than widening the perimeter of security around your car. As you said, lock it (use strong passwords), place it in a garage (firewall), use an alarm system (monitoring and notification), etc. You don't blame the car manufacturer for people discovering that, if you put a crowbar in the door jam, it's possible to pry it open. You don't blame the car manufacturer for people discovering that twisting a small piece of wire will open the lock. You don't blame the car manufacturer for people discovering that if you hit the window with a blunt instrument hard enough, it will crack and allow them to enter the vehicle.

In the end there is more than enough blame to go around on this topic. But your seeming refusal to place any of the responsibility on the SW vendors is shortsighted and can only lead me to one conclusion.

Manufacturers should do their due diligence to secure their products; however, you're being totally unrealistic about this whole thing. Anybody who thinks it's possible to ship with zero bugs is loony. So NO software would ever be good enough.

You are somehow involved in the SW industry, most likely the development end somewhere

Duh. Do you think? /SARCASM