I need to admit: I really love writing audits. It has a certain degree of scientific working to falsify statements. So I was recently confronted with the following quote from a responsible IT manager:
We are not concerned with security, but with liability. If Microsoft promises security, this is enough for us.
Well, unfortunately I did not attend a judicial exam but when I read the Microsoft EULA1 regarding risks and liability, I consider the circumstances slightly more differentiated: