"Well whoopty-doo, cry me a river - no fucking thing in real life is ever guaranteed!"
But that's what the customers WANT, like it or not. So if you cry a river, they'll be happy to send you down it. Which would you rather have? Hundreds of false positives...or one false negative?
"Second, there is zero point in nagging me about things I cannot do a single damned thing about. If a website's certificate expires, can I fix it? NO!"
But it WOULD be prudent to, you know, NOT GO THERE.
"so John Smith won't care about hosting a botnet as it will not impact him at all"
Not impact him at all? What about steal his information and use his identity to commit illegal activities putting the law on them?
"there's only one thing I can do about that when it happens: cancel the dialog and continue about my business."
Oh? What about "Perhaps what you are about to do is stupid. DON'T DO IT!" Like I said, I'll take hundreds of false positives over one false negative because they only have to get through ONCE to make it Game Over.
Biting the hand that feeds IT
