If you haven't noticed, there has been a recent trend that is pushing for software companies to have liability. :) If that occurs, then having a simple "We are not liable" statement would not protect the software developer. This would be similar to a car company having a "We are not liable" sticker on the front door of their car. They can have the sticker, but it wouldn't mean anything.
At 08:39 AM 4/21/2003 -0500, you wrote:
>Most open source software (and closed too, for that matter) that I've
>come across has a disclaimer of liability for any damages. If this
>weren't the case, then Microsoft could probably have been sued into
>oblivion by now. However, I do see potential appeal in a piece of
>software that has a set guarantee of security, with some sort of
>compensation to a victim if the software is compromised.
>
>This could actually be an interesting business idea. Take some open
>source security product that already has a community trust. Start a
>business that does a few things. First, you sell installation and
>support contracts for the product. Then, you bundle insurance. For a
>monthly fee, all your customers are in an insurance co-op for the
>product, and they could potentially claim against it if they get
>compromised via the product. With the revenues from the support and
>insurance premiums, you'd be able to fund programmers to enhance and
>further secure the products. Of course, like any insurance company,
>there's a risk of getting sued for more than you could cover, but maybe
>there's a way to protect against that, possibly with a 3rd party
>insurance policy or bonding.
>
>On Mon, 2003-04-21 at 08:14, Dustin Puryear wrote:
> > Dan Geer's "comments on the national strategy to secure cyber-space",
> > in the April 2003 issue of ;login, contains a letter to the
> > cyber-tzars in the nation's government. One of his bullet points is
> > the need to attach liability to claims of security. Essentially, the
> > argument is that if a company claims that a given product is secure
> > then they are liable for any insecurities. A very interesting way to
> > tackle software liability even if only security is addressed.
> >
> > My question is how does this or any liability affect open source? We
> > can instantly assume that there will be vulnerabilities in open source
> > software. That's not up for debate really. The real question is who,
> > if anyone, is liable if an open source program is found to have been
> > the root cause of a compromise or, in a larger sense, any failure of a
> > system? There are a couple of ways to consider the interplay of
> > liability and open source, and here I mention two:
> >
> > 1. open source is given blanket immunity. In this case open source is
> > given immunity because users have the right to inspect the code for
> > any issues before use. (I don't think this is too realistic, and
> > neither will most legislatures.) Also, how many companies are willing
> > to risk using software that is immune from the same levels of
> > liability as closed software? I would think that at this point most
> > closed software shops would have embarked on some kind of
> > certification program to show due diligence. Will this leave
> > under-funded open source projects out of the running?
> >
> > 2. open source is not immune. Will open source writers then be sued?
> > Will projects that have the potential to become great but are still in
> > the early stages be most at risk? How do we reduce this risk? Can we
> > limit liability by following suggested best practices during
> > development? If so, how do we really agree on these best practices?
> > What if we follow them and then the compiler is ultimately the
> > responsible party? Or the system libraries under Linux?
> >
> > ---
> > Dustin Puryear <[EMAIL PROTECTED]>
> > Puryear Information Technology
> > Windows, UNIX, and IT Consulting
> > http://www.puryear-it.com
> >
> > _______________________________________________
> > General mailing list
> > [email protected]
> > http://brlug.net/mailman/listinfo/general_brlug.net

---
Dustin Puryear <[EMAIL PROTECTED]>
Puryear Information Technology
Windows, UNIX, and IT Consulting
http://www.puryear-it.com
