On 11/8/15 9:22 PM, Jason Healy wrote:
> How do you know that the software you’re buying has had some reasonable
> standard of care put into its development? Without access to the source, you
> only have a particular company’s reputation to go on.
>
> Note that I don’t necessarily believe we should license everyone who writes
> software for a living. I particularly feel that open-source software should be
> able to disclaim some liability (no warranty for any purpose, etc, etc) since
> liability could really hurt people wanting to release stuff.
>
> But if there were at least an option to certify that software follows some best
> practices, that would be helpful. Of course, that requires some kind of
> magical, all-encompassing, difficult-to-fake, non-burdensome yet worthwhile
> certification process that doesn’t just become a bureaucratic box to check on a
> project.
>
> I suppose companies could just start offering some kind of performance warranty
> on their work voluntarily and hope people are willing to pay a little extra for
> the assurance. However, since most people seem to accept software bugs as par
> for the course, I’m not sure who would go out of their way to do that.
Bruce Schneier has been supporting legal liability for the computer
industry (particularly for security issues) for a very long time now[1].
There's a strong tradition of product liability laws in many other
industries. The companies don't need to start doing anything that's
unusual or industry-specific; they just need to stop adding liability
disclaimers to their EULAs, and we as customers need to stop accepting
EULAs which sign away our rights. If end-users had some legal recourse
when a company gets hacked and discloses their data, companies would
start caring a lot more about good process and not just hurling the most
recent commit out the door.
As a side effect, I suspect this would cause a significant spike in
demand for the sorts of people who knew how to run reliable,
high-quality processes at scale. I wonder where we could find a bunch of
those?
- Adam
[1]: https://www.schneier.com/essays/archives/2003/11/liability_changes_ev.html
_______________________________________________
Discuss mailing list
https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
This list provided by the League of Professional System Administrators
http://lopsa.org/