Opinion: Vendors who prevent patching should be liable for issues

When many SQL Server customers are asked why they haven’t kept up to date with either SQL Server versions, or more importantly, patches to SQL Server, the answers usually boil down to two reasons:

  • They are just slack
  • Their vendors won’t support the later version or patch level

Many SQL Server application vendors don’t keep up to date with testing of their applications on released versions or patches for SQL Server.

While I can understand a hesitation to quickly support later versions of the product, refusing to support later patches of supported versions is particularly concerning. Worse, actively telling customers to avoid installing security patches is deeply troubling.

Preventing clients from installing security patches is simply not reasonable.

If there is a proven issue with a patch, that’s understandable. But if the main reason is that the vendor just hasn’t done the work to test the patch, I believe that vendors who do this need to bear liability for any ensuing issues that occur, regardless of their license agreement that might try to exclude consequential damages from use or inability to use their products.

2018-01-30