If I sell you code, or anything with software in it, I am liable for any damages caused by my bugs and cannot disclaim it. If I come to any kind of licensing arrangement for a fee, the same should be true. This proposal, while it runs completely counter to the directions that software companies want to push the world, is in line with the concept of implied warranties that apply in virtually every other industry. Were Microsoft selling cars, it would have to pay for the equivalent of viruses in that technology. Why shouldn't it have to pay for having virus-prone software?

But I guarantee you that given a choice, software companies will never accept liability for anything. There are good reasons why not. In fact it is exactly this issue which led to the current state of affairs in software. It is exactly parallel issues with, for instance, cars that led to lemon laws and implied warranties. (The avoidance of which caused software companies to avoid actually selling anything...)

Therefore if we want companies to create secure software, someone needs to be liable. We just have to do it carefully so that open source software when given away does not cause liability. (Note that open source software, when sold, would then have liability associated with it. Presumably people wishing to do that would therefore have incentives to audit what they are selling...)

Cost centers and profit centers. *ponders* Hrmmm... So? There are large implied cost centers to licensing doctors. Yet, hospitals won't accept any Joe off the street to put on a bandaid in their ER, let alone do open heart surgery. Why? Because it's the law that only board-certified doctors can perform medicine.

Why is there a problem here, in a profession where it is theoretically possible to guarantee that the product is defect-free. This is the very profession where certification should be something which is embraced! Why the resistance?

------
We are the carpenters and bricklayers of the Information Age.

Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.

Read the node I linked to more carefully. I said the minimum they think they can get away with. That remains perfectly true in medicine, however laws, liability and necessary certifications have raised that limit.

Even so, you don't want to know what I have learned about the (mis)practice of medicine. Some samples. Did you know that more than half of doctors privately admit that they think there is someone they killed as an intern due to a mistake they made out of exhaustion? Did you know that hospitals offering open heart surgery that does under 30 per year have massively higher fatality rates than ones which do at least 150? The hospitals know that they can't safely do open heart surgery but don't care since open heart surgery is very profitable. Did you know that hospitals often try to dissuade patients from conducting autopsies for fear that it will make malpractice suits more common? Did you know that hospitals play games like have a licensed and respected surgeon start a surgery, leave to start other surgeries while a junior surgeon does the work, and then returns when you come back to conciousness? Are you aware that self-prescription of drugs is a huge problem for doctors, and often co-workers wind up turning a blind eye to doctors who are working while impaired by drugs?

Trust me on this. If hospitals could replace doctors with nurses, they would tomorrow. Many of the existing requirements to have doctors perform medicine are pushed by the AMA because it is in their interest to do so. Where already qualified and competent doctors don't care - like the case with overworked interns - laws aren't pushed for, or if they are passed are ignored in practice. (In a survey not one hospital in New York State was in compliance with state laws about how much interns could work. A friend of mine in OB/GYN recently had an accident, she fell asleep at a red, startled awake and hit the car in front of her. Do you want her delivering your girlfriend's next baby? The one who does it will be no better.)

Asking why programming is different from medicine is making a false assumption. The business of medicine operates on the same principles that the business of programming does. They consistently deliver the cheapest product that delivers the minimum acceptable standard. And the definition of acceptable is, "not adversely affecting the bottom line". The only difference is that it is far easier and more common to sue doctors and hospitals than it is to sue Microsoft. Therefore the minimum that must be met is of slightly higher quality.