Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

Re(5): OT: Software & Liability

by mojotoad (Monsignor)
on May 20, 2002 at 22:36 UTC ( [id://167990]=note: print w/replies, xml ) Need Help??


in reply to Re(4): OT: Software & Liability
in thread OT: Software & Liability

I'm taking the middle ground here. I do not think software manufacturers should be blanket-protected from liability, nor do I think they should always be liable. I think these details should live in the contract. I do not see any other way in which unscrupulous vendors can be held accountable while at the same time allowing open source efforts to progress without fear of lawsuits. It makes me grimace, but taking either exteme I think would be worse.

There is lots of case law out there for widget manufacturers, lots of laws regarding false advertising and fraud, among other things. For whatever reason, markets seem more willing to accept ridiculous terms for software. Perhaps this is because the real risks remain pretty obscure for average people to discern when it comes to software.

Having your systems compromised can be very expensive. But what other options are there? How many companies are in a position to demand a different licensing agreement? Just because software is open source doesn't mean it's superior than closed source. So where does that leave you?

I agree it can be expensive; you and I know this. Average non-technical Joe does not neccessarily know this. These risks remain obscure. I advocate education over legislation, or at least heavy-handed legislation that penalizes, say, open source in the iterests of corporations, or corporations in favor of open source. Existing laws on false advertising should be employed: a company advertising their product as "secure" bundled with a EULA saying "you're on your own and you can't sue us" strikes me as disingenuous. Like any product, software should be required to work as advertised.

Where does this leave us?

There is still a role here for consulting firms to fill the gap with auditing and hardening services. This sort of assurance is expensive, but security does cost money. This role will remain marginalized so long as people aren't educated about risks involving software; with education the pendulum can swing back towards tolerating a little inconvenience for the sake of security. Legislating the tides to halt is not the answer.

Matt

Replies are listed 'Best First'.
Re(6): OT: Software & Liability
by cjf (Parson) on May 20, 2002 at 22:50 UTC
    I advocate education over legislation, or at least heavy-handed legislation...

    I agree with you here. As people learn more about security I'm sure the situation will improve somewhat. The insurance industry will play a major role in this education as well. As I noted earlier if companies see much higher premiums for using, oh lets say, a Microsoft product, they might consider looking at alternatives a little closer.

    Existing laws on false advertising should be employed: a company advertising their product as "secure" bundled with a EULA saying "you're on your own and you can't sue us" strikes me as disingenuous.

    This would solve a lot of the problems. Consider Oracle's "Unbreakable" campaign. If they knew for certain they'd face lawsuits over false advertising they might have taken a little more care in making their claims.

[reply]

In Section Meditations

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://167990]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others admiring the Monastery: (5)
As of 2024-04-25 10:42 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found