[nycphp-talk] Liability protection for consultants?

inforequest 1j0lkq002 at sneakemail.com
Thu Feb 10 11:21:46 EST 2005


Hans Zaunere lists-at-zaunere.com |nyphp dev/internal group use| wrote:

>> How do you protect yourself against liability, and more importantly
>> how do you give the customer the security they deserve?
>
> Get a lawyer - get a dedicated box (or even a jail).  Doing the latter will require less of the former :)

Completely true about dedicated server, but if you do your own box then 
you can't share liability with the host, right? You are responsible for 
making that box secure, in addition to your app.

Isn't it more fun to spread the liability across a number of deep 
pockets, distributing the risk and making a case for common practice etc?

Scenario: If you were an underwriter considering offering errors and 
omissions insurance or a business owner package for this application 
developer, which would be more risky?

1. He's following industry norms and leased a server from the hosting 
provider ATT, which offers levels of ecommerce features and allows him 
to pick and choose pieces, or

2. He's using a dedicated server he bought from vendor X, running 
hardened *BSD or XXES, acting as sysadmin, and has even demonstrated 
he's an excellent high-security sysadmin?

After you get past the punchline (he's an insurance guy, so he doesn't 
know anything about computers) you go with #1 because of the access to 
deep pockets (ATT). You are offering insurance against ERRORS and 
MISTAKES so it doesn't matter if he's an expert... everybody makes mistakes.

-=john andrews



