PerlMonks  

Re: Re: OT: Software & Liability

by cjf (Parson)
on May 20, 2002 at 21:29 UTC


in reply to Re: OT: Software & Liability
in thread OT: Software & Liability

Isn't the onus on the customer to define what sort of contract they enter into with a manufacturer (software included)?

Have you tried arranging a meeting with Microsoft to change the contract a copy of Windows is licensed under? Did you have to check with your car manufacturer to make sure the car doesn't blow up when it hits 20km/h?

Lumping every bit of code under "software" serves to obscure the different circumstances under which expectations are met

How else would it be done if they're all licensed under a 'software licensing agreement along the lines of "authors of this software are in no way liable for any harm resulting from the use thereof".' It seems the difference here (if software manufacturers were no longer protected) would be how much the manufacturer is liable for.

Replies are listed 'Best First'.
Re: Re: Re: OT: Software & Liability
by mojotoad (Monsignor) on May 20, 2002 at 21:44 UTC
    Have you tried arranging a meeting with Microsoft to change the contract a copy of Windows is licensed under? Did you have to check with your car manufacturer to make sure the car doesn't blow up when it hits 20km/h?

    This was partly my point, though perhaps not clearly stated. All else equal, suppose that everyone actually had artificial hearts and that what we were buying from Microsoft was control software for these devices. The dynamic for ridiculous EULA's would instantly change, because on average the stakes have just shot through the roof. The market would no longer be as willing to forgive the risks.

    Granted, this can be abused in monopolistic environments, but I think people would also pay a hell of a lot more attention to what they were actually buying if it literally made their hearts tick.

    The point of the other examples was illustrating that when you're in high-risk business you are less likely to accept foolish terms from a vendor. Regardless of your clout -- if there is a market there, competition will arise. Since you are (hopefully) aware of the nature of your risky endeavor, you go the extra mile to actually read a contract.

    With operating systems for individuals today, there is not enough risk associated with purchasing an inferior product, therefore better options remain in a niche market. The market bears the ridiculous EULA's.

    Matt

      Excellent points.

      The dynamic for ridiculous EULA's would instantly change, because on average the stakes have just shot through the roof. The market would no longer be as willing to forgive the risks.

      What if software manufacturers were protected under law and could not be found liable? A smart software company would talk big, say their product is the most safe but make no promises. Granted, as soon as one company steps forward and changes the agreement, the whole situation changes, but who would risk such liability?

      So what if no software vendor stepped forward? I'm betting there would be a lot more people calling for legislation to be passed. Sort of similar to the current situation, isn't it?

      With operating systems for individuals today, there is not enough risk associated with purchasing an inferior product

      This is debatable. Having your systems compromised can be very expensive. But what other options are there? How many companies are in a position to demand a different licensing agreement? Just because software is open source doesn't mean it's superior to closed source. So where does that leave you?

        I'm taking the middle ground here. I do not think software manufacturers should be blanket-protected from liability, nor do I think they should always be liable. I think these details should live in the contract. I do not see any other way in which unscrupulous vendors can be held accountable while at the same time allowing open source efforts to progress without fear of lawsuits. It makes me grimace, but taking either extreme I think would be worse.

        There is lots of case law out there for widget manufacturers, lots of laws regarding false advertising and fraud, among other things. For whatever reason, markets seem more willing to accept ridiculous terms for software. Perhaps this is because the real risks remain pretty obscure for average people to discern when it comes to software.

        Having your systems compromised can be very expensive. But what other options are there? How many companies are in a position to demand a different licensing agreement? Just because software is open source doesn't mean it's superior to closed source. So where does that leave you?

        I agree it can be expensive; you and I know this. Average non-technical Joe does not necessarily know this. These risks remain obscure. I advocate education over legislation, or at least heavy-handed legislation that penalizes, say, open source in the interests of corporations, or corporations in favor of open source. Existing laws on false advertising should be employed: a company advertising their product as "secure" bundled with a EULA saying "you're on your own and you can't sue us" strikes me as disingenuous. Like any product, software should be required to work as advertised.

        Where does this leave us?

        There is still a role here for consulting firms to fill the gap with auditing and hardening services. This sort of assurance is expensive, but security does cost money. This role will remain marginalized so long as people aren't educated about risks involving software; with education the pendulum can swing back towards tolerating a little inconvenience for the sake of security. Legislating the tides to halt is not the answer.

        Matt
