Liability software bugs
The key to fixing this is software liabilities. Computers are also the only mass-market consumer item where the vendors accept no liability for faults. The reason automobiles are so well designed is that manufacturers face liabilities if they screw up.

A lack of software liability is effectively a vast government subsidy of the computer industry. It allows them to produce more products faster, with less concern about safety, security, and quality.

Equally, no less a person than Alan Cox is against it. Cox said that it would be difficult to make open-source developers liable for their code because of the nature of open-source software development.

As developers share code around the community, responsibility is collective. But Schneier has a suggestion for dealing with that problem too:

The key to understanding this is that this sort of contractual liability is part of a contract, and with free software -- or free anything -- there's no contract.

Defect triaging helps the development team fix bugs based on their priority and severity. Since all the relevant information about the defect is readily available to them, it makes the fixing process easier and less time-consuming.

If triaging is done correctly, it significantly reduces the time between reporting a defect and its resolution. The goal of the triage team is to evaluate and assess the defects and assign each a priority and a severity level.

Priority reflects the business perspective, while severity reflects the technical impact. Often a few defects are judged trivial and rejected at this stage. Accepted defects are prioritized and assigned for resolution. This process is not just about attaching severity and priority to the defects: it also gathers all the information required to track, replicate, and fix them. Invalid defects and the basis for their rejection are recorded for reference as well.

Root cause analysis is conducted for every defect. This analysis forms the basis of an improvement plan that significantly reduces the chance of a similar defect recurring.

A report is generated based on the outcomes of the triaging process. A typical defect triage report will have the following information:

More precisely, it rewards additional features and timely release dates, even if they come at the expense of quality.

If we expect software vendors to reduce features, lengthen development cycles and invest in secure software development processes, it needs to be in their financial best interests to do so. If we expect corporations to spend significant resources on their own network security — especially the security of their customers — it also needs to be in their financial best interests. Raising the risk of liability raises the costs of doing it wrong and therefore increases the amount of money a CEO is willing to spend to do it right.

Security is risk management; liability fiddles with the risk equation. Basically, we have to tweak the risk equation so the CEO cares about actually fixing the problem, and putting pressure on his balance sheet is the best way to do that. There are many parties involved in a typical software attack.
