This debate needs some clarifications, because I think most people basically agree on the same thing, but that the legal classifications are confusing people.

I'm pretty sure Dave didn't say that all coders should be liable for software bugs. He was complaining that developers can use licensing agreements to shield them from harm caused by bugs they were even aware of before the software was released. That isn't right.

In product liability, there are several different standards of fault. Strict liability, like many car manufacturers and food processors, can be liable even if they weren't aware at the time their product was defective. These usually require physical damage, or some other serious damage. Most software wouldn't come under this classification. However, coders sohuld be held liable for damage caused by intentional bugs, or material bugs they were aware of but chose not to fix in order to meet a commerical deadline, for example. Negligence standard is trickier. That would hold coders up to a reasonable standard and I think that would get very tricky, and could have the "chill affect" on development.

And remember, we're talking only about commercial software developers, not those who use open source or free software. Those who use those pieces agree to hold prior coders harmless.

So, given this clarification, it would be interesting to see where the differences actually lie in this argument.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/47/9323#9323