On Mon, 13 Aug 2001, Black Unicorn wrote:
Do I think that software should have products liability attached to it? No. Do I think strict liability stifles innovation? No.
I would actually like to make a smaller point here. Broadly I agree with BU, but I'd like to analyze it a little. If software actually cost money per every unit produced, products liability would make more sense because then it could become "part of" the production costs. However, given that copying bits is in fact free (copyright issues aside), adding a real per-unit expense has the potential to *dominate* the production cost. Open-source software would become impossible to produce, because the whole open-source paradigm depends on copying bits being free. I think MS would like nothing better than having products liability attached to software in general; it would solve a massive problem for them by putting open-source stuff out of production. Even though the open-source stuff is better from a security standpoint, there is effectively no one who is making enough money from it to bear the costs of product liability. Some security consultants *do* bear the cost of product liability on software they install and configure; they are paid obscene amounts of money to take that risk and do the solid configurations that minimize it, and that is as should be. The effect of product liability on the industry as a whole would be to remove the only secure products available (open-source products), making it effectively impossible for security consultants to do their jobs. Bear