Microsoft's latest 10-K report... fearing security lawsuits?
A couple people pointed out to me the following statement in Microsoft's latest 10-K filing with the government, under Risks:
Security vulnerabilities in our products could lead to reduced revenues or to liability claims. Maintaining the security of computers and computer networks is an issue of critical importance for us and our customers. There are malicious hackers who develop and deploy viruses, worms, and other malicious software programs that attack our products. While this is an industry-wide phenomenon that affects computers across all platforms, it affects our products in particular because hackers tend to focus their efforts on the most popular operating systems and programs and we expect them to continue to do so. We devote significant resources to addressing these critical issues. We are focusing our efforts on engineering even more secure products, enhancing security and reliability options and settings when we deliver products, and providing guidance to help our customers make the best use of our products and services to protect against computer viruses and other attacks on their computing environment. In addition, we are working to improve the deployment of software updates to address security vulnerabilities discovered after our products are released. We are also investing in mitigation technologies that help to secure customers from attacks even when such software updates are not deployed. We are also advising customers on how to help protect themselves from security threats through the use of our online automated security tools, our published security guidance, and the deployment of security software such as firewalls, antivirus, and other security software. The cost of these steps could adversely affect our operating margins. Despite these efforts, actual or perceived security vulnerabilities in our products could lead some customers to seek to return products, to reduce or delay future purchases, or to use competitive products. Customers may also increase their expenditures on protecting their existing computer systems from attack, which could delay adoption of new technologies. Any of these actions by customers could adversely affect our revenue. We devote significant resources to improving the security design and engineering of our software. Nevertheless, actual or perceived vulnerabilities may lead to claims against us. While our license agreements typically contain provisions that eliminate or limit our exposure to such liability claims, there is no assurance these provisions will be held effective under applicable laws and judicial decisions.
I'm still surprised that no one has challenged those agreements in some form of a class action lawsuit after a significant virus outbreak...