Should software suppliers be held responsible for data breaches caused by known vulnerabilities they have failed to patch?
This is one of the questions that arose during a debate on vulnerability disclosure at RSA Conference 2011 in San Francisco.
Independent researcher Dino Dai Zovi says this is something that should be tested in court.
Dai Zovi encouraged business organisations that believe any data breaches they suffer are the result of a known security vulnerability to take the matter to court.
He believes victory in any such case will set an important precedent that will put pressure on software suppliers to speed up patch releases.
Attendees of RSA 2011 heard that some suppliers can take up to three years to patch known vulnerabilities. Should businesses apply greater pressure to force this change?