Paul Ferguson notes that DHS says that a recent Microsoft patch that has already been exploited puts national security at risk. While on the one hand that’s very interesting, because that’s the sort of thing that could lead to software vendor liability, despite the current legal loophole that keeps the software vendors off the hook, yet on the other hand, I’d rather not see such liability come through the root password of national security, because you never know what form it would take or where it would stop. And on the third hand, if Microsoft software is so insecure as to adversely affect national security, when DHS decided to require a monoculture of Microsoft software on its own computers, what effect did that have on national security?

-jsq