While the USA is plenty stupid and litigious sometimes, the EU has recently come up with one of the most destructive ideas ever:

In short, they're saying "Let's explicitly legislate that software developers are liable for security lapses."

Yes, possibly even for FOSS (open source software). Now this might sound like a really good idea to a non-programmer — but it's just not. And for further entertainment, let's say they do exempt FOSS. That would only stifle non-open-source developers and put them at a ridiculous disadvantage. I think the dual model performs well collectively — both FOSS and closed source have their respective places in the software ecosystem. This is just an all-around bad idea for both.

Now I don't advocate absolute immunity for developers. That's silly — but let's leave that to the lawyers. Just like we've seen lawyers pierce corporate veils in perverse corporate liability cases here, lawyers can frequently establish liability in cases where a license or disclaimer specifies otherwise. That's their job, after all.

Legislating the liability will cause well-meaning, bright, productive developers to look over their shoulders — or simply not develop at all. Application developers will lock down APIs for fear that a plugin will expose a theretofore unexploitable or obscure vulnerability. And opensource developers who originate the code on two sides in a complex software system would be potentially liable, and waste exorbitant amounts of time litigating about whose fault it really was.

In the end, it will stifle productivity. If I were a WordPress developer in this hypothetical toxic environment (core — or plugins), I'd think twice before peddling my wares in the EU. WordPress and its "rich ecosystem" of plugins can be a security fiasco of sorts.

The licenses for FOSS typically stipulate that liability will not exceed the cost of the application ($0). Why bother exposing yourself, and what is the EU thinking?

One thing I do know — the lawyers are salivating — and legislating does nothing except feed them.
