NEED A GREAT WEB SITE? NEED IT TO BE SEARCH-ENGINE-FRIENDLY? SEO Egghead is a web development firm dedicated to creating custom, search engine optimized web site applications. We specialize in eCommerce and content management web sites that not only render information beautifully to the human, but also satisfy the "third browser" — the search engine. To us, search engines are people too. Click here to talk to us. We'd love to help!

X

While the USA is plenty stupid and litigious sometimes, the EU has recently come up with one of the most destructive ideas ever:

In short, they're saying "Let's explicitly legislate that software developers are liable for security lapses."

Yes, possibly even for FOSS (open source software). Now this might sound like a really good idea to a non-programmer — but it's just not. And for further entertainment, let's say they do exempt FOSS. That would only stifle non-opensource developers and put them at a ridiculous disadvantage. I think the dual model performs well collectively — both FOSS, and closed source have their respective places in the software ecosystem. This is just an all-around bad idea for both.

Now I don't advocate absolute immunity for developers. That's silly — but let's leave that to the lawyers. Just like we've seen lawyers pierce corporate veils in perverse corporate liability cases here, lawyers can frequently establish liability in cases where a license or disclaimer specifies otherwise. That's their job, after all.

Legislating the liability will cause well-meaning, bright, productive developers to look over their shoulders — or simply not develop at all. Application developers will lock down APIs for fear that a plugin will expose a theretofore unexploitable or obscure vulnerability. And opensource developers who originate the code on two sides in a complex software system would be potentially liable, and waste exorbitant amounts of time litigating about whose fault it really was.

In the end, it will stifle productivity. If I were a WordPress developer in this hypothetical toxic environment (core — or plugins), I'd think twice before peddling my wares in the EU. WordPress and its "rich ecosystem" of plugins can be a security fiasco of sorts.

The licenses for FOSS typically stipulate that liability will not exceed the cost of the application ($0). Why bother exposing yourself, and what is the EU thinking?

One thing I do know — the lawyers are salivating — and legislating does nothing except feed them.