On Mon, 13 Aug 2001, Black Unicorn wrote:
>Do I think that software should have products liability attached to it? No.
>Do I think strict liability stifles innovation? No.
I would actually like to make a smaller point here. Broadly I
agree with BU, but I'd like to analyze it a little.
If software actually cost money per every unit produced, products
liability would make more sense because then it could become "part
of" the production costs.
However, given that copying bits is in fact free (copyright issues
aside), adding a real per-unit expense has the potential to
*dominate* the production cost. Open-source software would become
impossible to produce, because the whole open-source paradigm
depends on copying bits being free.
I think MS would like nothing better than having products liability
attached to software in general; it would solve a massive problem
for them by putting open-source stuff out of production. Even though
the open-source stuff is better from a security standpoint, there
is effectively no one who is making enough money from it to bear
the costs of product liability.
Some security consultants *do* bear the cost of product liability
on software they install and configure; they are paid obscene amounts
of money to take that risk and do the solid configurations that
minimize it, and that is as should be. The effect of product
liability on the industry as a whole would be to remove the only
secure products available (open-source products), making it
effectively impossible for security consultants to do their jobs.
Bear
