IT in Academia, Software Liability Revisited
Friday, 23 April 2004
Here's an interesting interview with Jeff Schiller at MIT. My favorite bit: "the more famous your faculty are... the more chaotic your network is going to be." As an IT guy at a University, I think he's hit it on the money.
Jeff also gets into a discussion about software liability and open source. Like me, he agrees that if you go open you should get a certain degree of protection from liability in exchange.
Given the current security mess on the internet, I think if software liability does become a legal reality, projects over a certain size will have to be open. The liability may be so great for something as ubiquitous as Microsoft Windows that the cost of liability insurance would be prohibitive.
Then again, it's not clear how the liability will be shared. Builders have liability insurance, but so do homeowners. My guess is it will come down to negligence. If a software author fails to use certain industry-accepted practices to reduce the likelihood of a security flaw in their product, and a resulting flaw causes a loss, the author is at least somewhat liable. But if the author creates a product for one use and the user uses it for another, the user is probably more at fault.
The difficulty is in deciding who is responsible for what. A builder must use the right size lumber, and the homeowner can't fill the attic with their lead weight collection. Another interesting problem for software is how easy it is to update. If a builder makes a design mistake and then fixes it before any harm is done, they probably aren't liable. If a software author creates a security flaw and then releases a patch, and an unpatched user suffers a loss, is the author liable for creating the flaw, or the user liable for not patching?