In its recently released cyber strategy, the Biden administration called on Congress to develop legislation to develop a software liability regime, one that would allow consumer and businesses to sue software makers if they fail to take proper care in designing the security of their tools. In recent weeks, the Biden administration has opened the door to reforming some of the basic economic incentives of the software industry. When a consumer buys a piece of software, the terms of service will almost always exempt the provider from liability if something goes wrong. Despite these enduring problems, Microsoft faces no real penalties beyond reputational harm for its security failures - nor do other software companies. Over nearly three decades, Exchange vulnerabilities have opened up businesses and government agencies to countless hacks, costing many millions of dollars and putting Americans at risk. And last year, hackers returned to hit Exchange, targeting a flaw that Microsoft had failed to fix. law firms, think tanks and defense contractors that hit perhaps as many as 30,000 targets. Using four of them, Chinese state-backed hackers utilized Exchange for a sprawling campaign targeting U.S. In 2021 alone, Microsoft disclosed 31 Exchange vulnerabilities, its highest annual total. There are likely many more but that was the first year that researchers began recording such flaws on the CVE List. Since 1999, security researchers have logged at least 189 vulnerabilities in Exchange Server. Allowing companies to run on-premise email servers, Exchange Server was an immediate game changer, helping to usher in a new era of digital communication. Microsoft debuted Exchange Server 27 years ago at a time when companies were just beginning to introduce email into the workplace.
0 Comments
Leave a Reply. |