[Dshield] Wired article on dealing with viruses and worms

Jon R. Kibler Jon.Kibler at aset.com
Thu Sep 11 23:34:19 GMT 2003

Dan Morrill wrote:
> Ok,
> Now how would you enforce this for software that is under the GNU? There is
> no one person, there is no one entity that could then be held responsible
> for that process. So if the Open Source software was released, and the
> person writing the code knew their code was open to misappropriation, and it
> was not caught by the rest of the group building the code, who would then be
> liable?
> R/
> Dan

It is my understanding (and I am NOT a lawyer) that to be criminally liable for an act one must:
	-- act with negligence, or
	-- act with malice, or
	-- act with intent to defraud.

Whereas all software has bugs -- although some have orders of magnitude more than others -- I would argue that a lot of commercial software organizations clearly put profits so far ahead of the public good, and act in a way that clearly causes public harm, that their actions should be considered criminal. Depending upon the circumstances, I believe that it could be easily argued that many of the large software companies regularly act negligently, if not worse.

Regarding Dan's point, clearly open source and similar 'public' efforts would require special provisions in any law to protect individual contributors. (Maybe this would get M$ to release source code!)

No product produced today -- software or otherwise -- is completely bug free. It is just time to make software producers stand up to some reasonable quality standards; especially when they have no real competition to force them to improve their quality. 

Think of the American automobile industry. For decades, the cars they produced were about as buggy (no pun intended) as today's software. They had no real competition. Then you had the Japanese car invasion of the 1970s. Their cars were not great, but they were a lot better than the American cars. Consumers started to switch. That forced the American manufacturers to improve quality, which caused Japan to produce even better quality cars, etc. Changes in automotive product liability laws, pushed by Nader's "Unsafe At Any Speed" book, also helped motivate the industry to improve quality.

I don't see any real competition any time soon for some of the major software vendors. Thus, I believe the only effective way to force an improvement in product quality is to subject the software industry to some reasonable product liability standards -- standards from which they now have a complete exemption.

Jon R. Kibler
A.S.E.T., Inc.
Charleston, SC  USA
