After my post last week about the legal implications of software quality, I noticed a small piece written by David Worthington in the previous week’s edition of SD Times, detailing the British House of Lords’ proposal to increase the liability of software vendors for personal security issues. Although a recommendation from a House of Lords committee is a far cry from actual legislation, it’s worth paying attention to some of the observations in the report.
The most significant recommendation, to my mind, is that the British Government explore the introduction of vendor liability in the software industry. ZDNet quotes from the report:
“In the short term we recommend that such liability should be imposed on vendors (that is, software and hardware manufacturers), notwithstanding end-user licensing agreements, in circumstances where negligence can be demonstrated. In the longer term, as the industry matures, a comprehensive framework of vendor liability and consumer protection should be introduced.”
But it’s Worthington at SD Times who has the most interesting spin on this story: how do you handle liability issues in open source software? He quotes the Lords committee’s technical expert, Richard Clayton, who seems pretty sure that open source contributors could find themselves being held liable for any negligence, and even goes so far as to suggest that difficulties over assigning liability could produce a bias against free software.
Clayton ends up predicting that, once case law settles down and a penal code is established, the software industry will become “just the same as any other industry”. Imagine that!