I have a more modest proposal for you.

If I sell you code, or anything with software in it, I am liable for any damages caused by my bugs and cannot disclaim it. If I come to any kind of licensing arrangement for a fee, the same should be true. This proposal, while it runs completely counter to the directions that software companies want to push the world, is in line with the concept of implied warranties that apply in virtually every other industry. Were Microsoft selling cars, it would have to pay for the equivalent of viruses in that technology. Why shouldn't it have to pay for having virus-prone software?

But I guarantee you that given a choice, software companies will never accept liability for anything. There are good reasons why not. In fact it is exactly this issue which led to the current state of affairs in software. It is exactly parallel issues with, for instance, cars that led to lemon laws and implied warranties. (The avoidance of which caused software companies to avoid actually selling anything...)

Therefore if we want companies to create secure software, someone needs to be liable. We just have to do it carefully so that open source software when given away does not cause liability. (Note that open source software, when sold, would then have liability associated with it. Presumably people wishing to do that would therefore have incentives to audit what they are selling...)


In reply to Re (tilly) 3: Programmers should be board-certified, just like doctors, lawyers, and CPAs by tilly
in thread "Buffer Overflow" rant in Risks Digest by dws
