Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The burden of proof should fall on them to demonstrate that it wasn't exploited.

Otherwise, the reasonable thing to do is to assume that it was exploited, because they have no evidence to show that it wasn't.

The phrase is a psychological trick because it creates the illusion that the burden of proof falls on the other side.



You can't prove a negative.


There is no greatest prime number.

If there were, call it p, and let q = Π(P), P∈N:P is prime (Eratosthenes showed this is computable)

Then q+1 % 1 modulo every lesser prime, meaning q+1 is prime, and p is thus not the greatest prime.

There you go. We have just proven a negative.


In which case, the second paragraph applies.


But then you might as well just assume everything is compromised, at all times, even if there's been no announcement. They could just not be telling you.

Which is maybe not the worst strategy, but it's going to be pretty exhausting.

I'd suggest that instead we should just expect and enforce a certain amount of openness and honesty from companies when they fuck up in this way, so we can make informed decisions.


Well, yes - this is the dilemma which is not resolved with empty platitudes, even though "you can't prove a negative."

In the US and elsewhere, there are already some penalties for covering up a problem, and they should be expanded commensurately with the potential harm.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: