I'm a bit mystified about this post--software developers already are liable for damages and/or injury caused by flaws in their work. There's a whole category of liability insurance (and matching case law to boot) around the subject. In the insurance business it's called "software errors and omissions."
If you're not aware of this...
you're either not in the software business, or you probably should be talking to your insurance agent. If you work in the United States, do business in the United States, or can be found to have a "business nexus" within the United States, you can find yourself named as a respondent in a U.S. liability lawsuit. And there's a nasty little element of U.S. liability law known as "joint and several liability" that essentially means that whether you are at fault or not, if the jury finds that the plaintiff was injured--and that some degree of the fault lies with any of the respondents--all of the respondents are jointly responsible to pay damages.
An earlier post in this topic wrote, in essence, "between the developers, the tester, the customer, the business analyst--good luck figuring out who made the mistake." That's the point of joint and several liability--they sue all of you. The jury doesn't have to decide whether it was the tester, the developer, the analyst, or the end user. So long as at least some part of the injury was caused by negligence of some kind--you can be found liable.
The Achilles heel of Open Source
Suppose you join a project on SourceForge--like a nifty project to develop Open Source Linux video drivers for high-end plasma video displays. You produce some really spectacular work--and you draw the applause of a small community of really high-end gamers when you ship your first release.
But, unbeknownst to you, a networking consultant in New Jersey finds your project, and uses it to provide a low(er)-cost solution for a radiologist who uses the same video card/monitor system to read CAT scans. The radiologist is reading mammograms.
(Ominous chord plays here.)
Seventeen months later, a woman is diagnosed with an "aggressive" form of breast cancer. Had it been detected earlier, she might not have required a mastectomy, or serious chemotherapy. Now she has lost both breasts, and all of her hair has fallen out. She--and her attorneys--want to know why the radiologist didn't find the problem in the mammogram seventeen months earlier.
Right. The mammogram the radiologist viewed on a high-end plasma display. Using an Open Source video driver. The one you helped to develop.
Another ominous chord. This time in a minor key.
You are in deep yogurt. And whether the video driver had anything to do with it at all, you can expect to be served notice that you have been sued in federal court. And you will then be staggered to discover just how much it costs just to respond to the lawsuit. And the fact that you didn't get paid a dime--hey, it was Open Source, right?--doesn't make a lick of difference.
Fairness, Justice, and the Law are Three Different Things...
Fifteen years ago I was the system architect on a project to manage liability insurance claims for a very, very large insurance company. A liability claim is a lawsuit--we evaluated all kinds of circumstances (prior history in this jurisdiction, prior history with this judge, who the plaintiff was, who plaintiff's counsel was, who our counsel was, yadda yadda yadda). We went through a bunch of factors, carefully weighing each of them, till we got to the end of the process. The very last questions were--does plaintiff have an injured child to show in the courtroom? Does plaintiff have a disfigured woman to show in the courtroom? Does plaintiff have a dying victim--particularly with soon-to-be-orphaned small children--to show in the courtroom? If so, then all bets were off--it did not matter in the slightest if our insured was at fault or not. The jury, invariably, was going to collectively say, "you just won the lottery" and law or justice wouldn't have much to say about it.
And that's what's going to happen to you...
As I wrote above, justice or fairness don't enter into the discussion. The jury, faced with a disfigured woman (and plaintiff's counsel will be sure to have sent her to a spa and a fashion photographer before she started chemo in order to be sure to document how beautiful she was before the double mastectomy and losing all of her hair) will feel a deep sense of sympathy. Women on the jury will insist that We Must Do Something--and who, on the jury, will argue, "hey--nobody said life is fair..." The jury will console any worry-warts with the knowledge that "the defendants are all insured" and they'll write the plaintiff a big check.
And here's where you get screwed...
The radiologist who read the mammogram but didn't find the cancer? She was insured. The networking consultant who assembled the system? He wasn't insured--but he is incorporated. And the corporation has no assets. You and your four friends that developed the video driver? Three of your colleagues are apartment-dwellers with no assets worth seizing. But you and the team leader are both homeowners.
The jury awards the victim $4 million. In the post-trial conference, the radiologist's insurer agrees to pay $2 million. You and your friend are on the hook for $1 million each. Fortunately, you have $1 million of liability coverage on your homeowner's policy. Unfortunately, your homeowner's policy doesn't provide liability coverage for your commercial activities. Your insurance agent, and the claims adjuster for your insurance company, explain to you that even though you didn't get paid a dime, by providing an alternative to a commercial product, you were engaged in commercial activity. They're going to disclaim--but, out of the goodness of their hearts, they'll make a "courtesy" payment of $25,000. You're on the hook for $975,000 in damages.
Then the forty other panic-stricken women who were given negative mammogram evals by that radiologist serve notice that they are suing you as well....
Understand clearly: this isn't FUD
This is simple, first-week-of-class insurance and business law in the United States. This is reality. And it is precisely issues like this that cause small businesses (and large businesses for that matter) to go bananas about "tort reform" any time the subject comes up. And the cost of this--the risk, plus the cost of buying insurance to hedge against this risk--is precisely why some software costs a ton of money. Way more than it should. It isn't just paying for overpaid developers, fat-cat executives, Ferraris for the sales guys, and Aeron chairs for everybody--it's also paying for whacking great insurance premiums and $650/hour lawyers.
If you don't know this, if you aren't prepared to deal with the consequences of this--even the consequences of somebody using your software for a purpose that you never even contemplated as a possibility--you shouldn't be playing the game. If you're writing software, for work, for pay, as a contractor, as a hobby, or as an FOSS purist on a mission to save the world from Microsoft--you had better carefully consider how you will respond in the event of a liability suit. Because "contributing to the community" is not going to spare you from liability for damages. That's not fair, but (as the old joke goes) nobody goes to Fair School.