IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / My proposal
Post #23,847
by ben_tilly
1/10/02 11:21:20 PM
Reply
New My proposal
If if walks like a sale, and talks like a sale, then it is a sale.

And implicit warranties apply. And cannot be disclaimed.

In short, if you do something that resembles a sale too closely, whether you call it a sale or licensing, whether the direct sale was with you or a third party with permission to relicense, you are liable.

If you give it away, you are fine. But anyone who is selling a CD with open source software is taking on that liability. (And that liability is exactly what you are selling.)

This would put software on approximately the same grounds that everything else is. If I sell you a hammer which is prone to twisting and knocking the nail into you, I am liable. If I sell you email software which is prone to well-known macro viruses, I should be also. Whether or not I try to pull a fast one and claim that I didn't really sell you anything.

And in the same vein, if Microsoft and a bug-finder agree not to avoid telling consumers of a serious consumer risk for extended periods, that is collusion and should be treated as such.

The whole industry would howl over that. But I think it is fair. Software companies shouldn't be allowed to do an end-run around existing liability laws. Sure it is harder. But does anyone think that designing safer cars is easy on Detroit? What makes software special? That most programmers are incompetent? I think not!

Cheers,
Ben
Post #23,855
by wharris2
1/11/02 12:14:36 AM
Reply
New Curious about turn-of-century autos
With respect to product liability and so forth.

Probably not liable for *anything*, except actual damages. A car hits your horse, the driver is probably liable for the damages to the horse.

Wondering how that might apply to today's software.
"Beware of bugs in the above code; I have only proved it correct, not tried it."
-- Donald Knuth
Post #23,874
by ben_tilly
1/11/02 7:46:50 AM
Reply
New Returning an honest question with an immediate response...
The turn of which century?

That was honestly my first question when I read your title.

But yes, there was little liability for early autos. Which in turn had a tendancy to fall apart in collisions. And cars continued to not pay much attention to safety until the government began passing laws about it and (probably more importantly) a lawsuit over a design mistake of the Ford Pinto resulted in [link|http://www.uoguelph.ca/~sharoon/a1/A1disaster.htm|huge judgements]. (Advice to executives everywhere. If you do a back of the envelope calculation of how much it costs to do things right versus how much you expect to pay for lawsuits over early deaths, make sure that envelope gets destroyed...)

Before that the attitude was that safety doesn't sell. After that it was that unsafety costs. The software industry is definitely at the point where security doesn't sell. I would like to see it moved to the latter one...

Cheers,
Ben
     NAS gets into the act - mandate accountability (?) - (Ashton) - (8) - Jan. 9, 2002, 10:56:30 PM EST
         Oh, that sounds good.... - (imric) - (7) - Jan. 10, 2002, 08:17:41 AM EST
             Ben already broke that one down for us - (drewk) - (3) - Jan. 10, 2002, 11:37:22 AM EST
                 That was copyright protection, not security - (ben_tilly) - (2) - Jan. 10, 2002, 11:10:51 PM EST
                     But don't they intend to "secure" copyright protection? - (drewk) - (1) - Jan. 11, 2002, 09:11:17 AM EST
                         The language makes differing goals easy to confuse - (ben_tilly) - Jan. 11, 2002, 01:13:12 PM EST
             My proposal - (ben_tilly) - (2) - Jan. 10, 2002, 11:21:20 PM EST
                 Curious about turn-of-century autos - (wharris2) - (1) - Jan. 11, 2002, 12:14:36 AM EST
                     Returning an honest question with an immediate response... - (ben_tilly) - Jan. 11, 2002, 07:46:50 AM EST

I am LRPD of Borg. Refreshing is useless. You will be addicted.
58 ms