While a number of coders could be responsible for a software defect, it would be the responsibility of a given software project to correct that defect in a timely and effective manner. The reliance on an open source application can be guaranteed in part through support contracts, but simple ethics would dictate that the developers should hold themselves accountable for the final product. I wrote an essay (Liability, Reliability, and Safety
) that briefly touches on this topic back in 2007.
One point that I argue is "[c]ompanies must constantly look at their level of liability and manage the reliability and safety of their systems. Spinello discusses some issues of reliability such as software 'bugs' which are an inherent problem with any piece of software and are to be expected, within reason. However, the programmers of the software are expected to assume the responsibility for providing fixes for the bugs and improving upon the existing code."
The problem lies in defining what "knowingly" means. After all, "software vendors know that the nature of software guarantees a certain amount of bugs thereby raises the risk to the vendor. However, it is not unreasonable to expect that any crippling system bugs would be removed from the final release product. Asking software vendors to assume some liability would help to drive the quality of the software upward."
Ironically enough, I ask the question at the close of my arguments: "From a legal perspective, the United States has some way to go to resolve the problem of liability, especially in the software industry. Software products and systems are not only used to process secure transactions and enable consumers to manipulate data, but they are also used in environments where human lives are at stake and sensitive private data is handled by many different people at all hours of the day. Negative feedback has been proven to work less effectively than positive feedback when dealing with the human psyche, but should software vendors be offered incentives to provide better offerings and assume more liability, or should they be forced to accept a minimum level of responsibility by law and an increasing amount of accountability based upon the industry and the application of the product?"
So, in the case of open source software, should an application targeted at the medical industry be more liable than an application that serves personal media on the Internet? While I would like to see more open source software used in more organizations, I believe that as things stand now, service level agreements and quality of support on standard platforms play a large role in determining whether or not to use an open source application.
As for the risk of litigation,where does the onus of responsibility fall when there is no corporate entity? Does the owner of the individual project become the liable one?