Comment Ok, but at what level? (Score 1) 250
If I'm an IT professional for a company and I install Windows Server, apply all the patches and this is the box holding all the corporate data including customer information and it gets compromised which IT professional is being held responsible?
Me? Because I installed and maintained the system? Even though I have applied every patch and update Microsoft has provided?
Someone at Microsoft that programmed the particular piece of the OS that was exploited?
The person that programmed the library that the programmer at Microsoft used when they programmed their particular piece of the OS that was exploited?
How far up the chain are we looking to place blame? Should I be blamed because Microsoft used a library from another party that was exploited? Should the programmer at Microsoft be blamed because they used a third party library that could be exploited? Should the author of the library be blamed because it was their library that caused the exploit? What if they weren't the original author of the library and took it over from someone else or forked it?