- May. 13th, 2009
While the USA is plenty stupid and litigious sometimes, the EU has recently come up with one of the most destructive ideas ever:
In short, they're saying "Let's explicitly legislate that software developers are liable for security lapses."
Yes, possibly even for FOSS (open source software). Now this might sound like a really good idea to a non-programmer — but it's just not. And for further entertainment, let's say they do exempt FOSS. That would only stifle non-open-source developers and put them at a ridiculous disadvantage. I think the dual model performs well collectively — both FOSS and closed source have their respective places in the software ecosystem. This is just an all-around bad idea for both.
Now I don't advocate absolute immunity for developers. That's silly — but let's leave that to the lawyers. Just like we've seen lawyers pierce corporate veils in perverse corporate liability cases here, lawyers can frequently establish liability in cases where a license or disclaimer specifies otherwise. That's their job, after all.
Legislating the liability will cause well-meaning, bright, productive developers to look over their shoulders — or simply not develop at all. Application developers will lock down APIs for fear that a plugin will expose a theretofore unexploitable or obscure vulnerability. And open source developers who originate the code on two sides in a complex software system would be potentially liable, and waste exorbitant amounts of time litigating about whose fault it really was.
In the end, it will stifle productivity. If I were a WordPress developer in this hypothetical toxic environment (core — or plugins), I'd think twice before peddling my wares in the EU. WordPress and its "rich ecosystem" of plugins can be a security fiasco of sorts.
The licenses for FOSS typically stipulate that liability will not exceed the cost of the application ($0). Why bother exposing yourself, and what is the EU thinking?
One thing I do know — the lawyers are salivating — and legislating does nothing except feed them.