
mjh's Journal: Software Liability 3

Journal by mjh

I've been seeing lots of stories lately about software liability. Here's one. Geez, I hope this doesn't happen.

I think this would have a chilling effect on open source/free software. First, because it would make it impossible for open source/free software developers to provide the kind of software liability that someone with pockets as deep as Microsoft's can. Personally, I could not release my code. I simply couldn't do it. It'd be too risky. Suppose that some big bad company got it, and despite the fact that they had the source code they mis-installed it, or it contained a bug, or whatever. They have a huge number of lawyers. I can't possibly afford to defend myself against their liability claims. And since they didn't pay anything in the first place for the code, why wouldn't some enterprising organization make a business plan out of grabbing open source/free software, and suing the developers? Suppose we all have $50k worth of assets. A company pays nothing for the software, which breaks something in their network, they sue, and collect $50k for each developer they can find. Why not do this?

The effect of this would be so chilling that any such law might be unconstitutional. IANAL, but remember that code is speech. So anything that puts a prior restraint on source code (a.k.a. speech) is a violation of a person's 1st Amendment rights. Does requiring product liability put a prior restraint on speech? Hasn't this already been tried before? Haven't the producers of instructions on how to make bombs already demonstrated that they can't be liable for how their speech is used? So it seems to me at least somewhat likely that a software liability law could not apply to open source/free software, since that's speech.

But what about all the people out there who release binary versions of their software, like anyone who makes a .rpm, or all of the distributions? They certainly can't claim that they're exercising free speech. While source code is speech, binary code doesn't enjoy the same protections. Wouldn't they be subject to product liability laws, since binary packages are products? What will that do to Red Hat, Mandrake, et al? Or worse: the volunteer-based distros like Debian?

(Are any of you lawyers who can give some thoughts on these questions?)

So all open source/free software can *only* be released in source code form. And when that happens the authors are not subject to software liability. Then all the PHBs would finally be able to say, truthfully, that open source/free software is a liability for enterprise deployment because you can't sue anyone if there's a problem. They say it now, even though the implication that you could sue Microsoft is entirely false. I'd hate to make that statement true.

I just hope that this doesn't happen. I like open source/free software. I like writing it. I like using it. I don't want it to be effectively outlawed by this silliness.

Comments enabled - let me know if I'm completely off my rocker.

Software Liability

  • It seems like you don't really have a problem with software liability so much as with software liability implemented poorly, e.g. bankrupting coders and stifling open source software. These are, unfortunately, legitimate concerns, at least in the super-extra-legalistic-expalidocous U.S. of A.

    OTOH, the current state of software affairs is ridiculous. If you work in software, you know that the general state of software is basically crap. Consider that most code is put into production only having been read by the person that wrote it! Can you imagine any engineering practice that allowed such a condition?!?! It boggles the mind.

    Businesses, the source of most software, are amazingly one-dimensional, having only profit as their goal. This is how the system works, like it or not. Because of this, there needs to be a cost to them for producing bad products. Otherwise it will never happen. Do you think automobiles would have seatbelts if the manufacturers weren't forced to? (Check your history if you think Detroit was happy about that one.)

    I've been coding for a living for about 8 years now, and I do not fear software liability. For me, the goal is always to produce a quality product, and I hate having to cut corners. Having some way to push back and insist on Doing The Right Thing would be welcome.

    • It seems like you don't really have a problem with software liability so much as with software liability implemented poorly, e.g. bankrupting coders and stifling open source software.

      Maybe it's just me, but I can't see any way that this can be implemented in a way that doesn't stifle open source/free software. Anything that gets done has to give some sort of exemption to open source/free software, right? I mean, that is a fair assumption, isn't it?

      Well if it is, then any new software liability law makes the use of open source/free software a financial liability to any corporation that uses it. Heck, any organization that uses it. Because it means that an organization that uses open source/free software will not have the same built-in insurance that commercial software has. Which means that the arguments about TCO suddenly become valid. The arguments about not having anyone to sue suddenly become valid. Those arguments are used today, and they're false. How much worse would it be for open source/free software if they were true?

      If there is a way to implement software liability that does not directly or indirectly stifle open source/free software then I'm all for it. At this point in time, I'm having a difficult time imagining a reasonable plan.
      • Yes. There is a way! It is something that the software industry has needed for a long time.

        There are no standards for software usability, stability, etc. If open/free software developers were able to submit their work to a certification institute, software liability might be feasible.

        The institute would be like an "Underwriters Laboratories" and it could be supported by users, vendors, and government. It could even be proactive, choosing software to certify instead of waiting for someone to make a submission.

        Once a software work has the "seal of approval", it would mean that the institute had tested it and found it to be suitable for deployment. The institute would then be able to shoulder part (all?) of the burden of liability.

        I could elaborate on how the institute could be funded, but without going into great detail, I believe it could be done in a fair and practical manner.

        Vortran out
