Outlining a World Where Software Makers Are Liable For Flaws
CowboyRobot writes with this piece at the ACM Queue, in which "Poul-Henning Kamp makes the argument for software liability laws. 'We have to do something that actually works, as opposed to accepting a security circus in the form of virus or malware scanners and other mathematically proven insufficient and inefficient efforts. We are approaching the point where people and organizations are falling back to pen and paper for keeping important secrets, because they no longer trust their computers to keep them safe.'"
It will just cost 100x more, just like healthcare with the torts. Time to take out software developer insurance, similar to the healthcare insurance of approximately 1 million dollars a year paid by doctors these days.
"There should be a law!"
No. No, there shouldn't. There also shouldn't be disclaimers that "this coffee can burn your ass," "don't point this gun at your face" or "don't use this curling iron to stir your bathwater while it's plugged in."
If organizations see pen and paper as the only alternative, then they're probably getting the quality of IT support that they're paying for.
Software is complex enough that even the most diligent programmers produce bugs. It's nigh impossible to create 100% bug free code. I think this would pretty much kill the industry as well as be detrimental to hobbyists.
"You can't trust code that you did not totally create yourself."
I can't trust the code that I did totally create myself, either.
From TFA:
So if you're distributing the source code (and license it correctly) the most you'll be out (aside from malicious intent) is a refund.
I need you to design a bridge. We've already promised the customer that it'll be light and strong, but we only have budget for paper (so we're ok on 'light', just make sure that it's strong), and the deadline is next Monday.
If you think it can't be done, I have the "outsourcing provider" on the phone telling me that there are 500 engineers who would do it. I need an answer in two hours. I know that you've just bought a house and have a new baby on the way, so think again before you protest.
By the way, we've also accepted liability. If anything goes wrong, I'll say that you told me it wasn't a problem.
You can overbuild a house; it generally makes it stronger. Over-code a piece of software, and it just adds to the number of possible points of failure. The two really aren't good analogies for each other. That doesn't even consider things like how maintenance of both is handled, interactions of hardware, varying setups, and just simple complexity.
Hey, engineering in general is a profession. Bridges and skyscrapers get built. And if the engineers mess up people can die. And there's liability for flaws.
Should all software hold to this standard? No. I didn't involve a civil engineer building a clubhouse as a kid. But there are places where correctness does matter and is worth the extra discipline and professionalism.
... All we need is love and Free Software. And even the love is not strictly a requisite.
Let's say everyone owns Free software, so nobody (i.e. everybody) is liable for faulty Free software. Everybody (i.e. nobody) pays.
In other words, sure, let the proprietors of proprietary software pay for software behaving badly.
If the software is free it's everybody's and nobody's responsibility. It's like culture and language in general. We do it together.
Who's with me?
The solution seems a little too simplistic. Just look at any very large software project, like an operating system. Even a simple operating system like an iPod has a huge set of sub-licenses (go check out the Legal menu item, at least twenty on my nano). Large commercial projects often have code contributed from other sources; some open source, some not. If the problem comes from one of those contributions or sub-licenses, what happens?
I could definitely see Microsoft set up a fully owned subsidiary that gives free code only to Microsoft under Clause 1 (limited to refund) while the main shop sells it as a full operating system. "Oh, your computer is part of a bot-net? Sorry, that was a bug in the browser code. But since they gave that to us free, you get a refund of $0."
And people resort to writing trade secrets down on paper? Who knew there were so many luddites at ACM?!
There are already far too many lawyers sucking overhead out of software development companies. Increasing liability for code will drive up how much it costs; software is only cheap because it's relatively low risk to release.
I make my living working on open-source projects. Given how many imperfect components I work with, in a world with liability issues my full time job would become contract paranoia instead. It's already extremely dangerous to try and make a living from open-source work due to the huge patent minefields you're exposed to. If something like this happened, the only companies who would still be able to afford the risk of coding would be corporations with large legal departments. I'd have to move to a country that doesn't have these laws instead, which is exactly where all the software jobs will migrate to (even faster than they are already migrating now).
The responsibility for preventing security problems with PCs should fall strictly in two places, the user and the OS... however, not the way 99.99% of you are thinking about it.
The user should decide what resources a program NEEDS in order to do a task, such as which folder it can access, what network connections, etc. This allows the user to decide ahead of time what they are willing to risk. Once that determination is made, the user then would give that list, along with a pointer to the program, to the operating system.
The OS should then enforce the user's choices... if it's not in the list, the application shouldn't even be able to find it, let alone access it. If the OS fails to enforce the user's will, then the OS is at fault... if the user gave away the store, well, they gave away the store.
This requires a simple change to the base design of operating systems: instead of permitting everything and limiting the actions of a running program to those of the user's account, the OS should limit the actions of the program to a short list of resources supplied by the user, and nothing else. Of course, refactoring everything to add this additional layer of logic is a massive undertaking.
There would still be the traditional user rights, access control lists, etc., but there would also be a level of control where the user decides which of the resources they have should be given to the application. This is called "capability-based security", or cabsec for short.
It's going to take somewhere between 10 and 15 years before people are fed up enough to make the switch.... but it will happen eventually.
Security isn't an application issue... it never was, and never will be.
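The model sketched in the comment above (the user hands the OS a list of resources, the OS answers every access from that list and nothing else) can be shown in a few dozen lines. The following is an added example written for this page, not code from the commenter or from any real operating system. The manifest format, the request shapes and the sample requests are all hypothetical and constructed here; the point it demonstrates is the default-deny check, including the two places such a check usually goes wrong: path traversal out of a permitted directory, and a sibling directory (`/tmp/app2`) matching a permitted root (`/tmp/app`) by naive string prefix.

```python
"""Manifest-driven resource allow-list in the style of capability-based
security: the user declares, ahead of time, which files and network endpoints
a program may touch; the enforcer decides each access request strictly from
that list and denies everything else (no ambient authority).

Added illustration; hypothetical manifest format and constructed requests.
"""
import posixpath
from typing import Dict, List, Tuple

# Hypothetical manifest the user hands to the enforcer alongside the program.
# "files" maps a directory (or file) root to the operations permitted under it.
MANIFEST: Dict = {
    "files": {
        "/home/alice/docs": frozenset({"read"}),
        "/tmp/app": frozenset({"read", "write"}),
    },
    "network": frozenset({("api.example.com", 443)}),
}


def canonical(path: str) -> str:
    """Collapse '.', '..' and repeated slashes so a prefix check cannot be
    escaped with traversal. Symlinks are deliberately not resolved here (that
    needs the live filesystem); a real enforcer must resolve them as well, or
    open relative to an already-authorised directory handle so the check and
    the open cannot be separated."""
    return posixpath.normpath(posixpath.join("/", path))


def _under(path: str, root: str) -> bool:
    """True if path is root itself or lies beneath it. The trailing slash
    stops a sibling such as /tmp/app2 from matching the root /tmp/app."""
    root = root.rstrip("/") or "/"
    return path == root or path.startswith(root + "/")


def file_allowed(manifest: Dict, path: str, op: str) -> bool:
    wanted = canonical(path)
    for root, ops in manifest["files"].items():
        if _under(wanted, canonical(root)) and op in ops:
            return True
    return False  # default deny: not in the list means not reachable


def net_allowed(manifest: Dict, host: str, port: int) -> bool:
    return (host.lower(), port) in manifest["network"]


def evaluate(manifest: Dict, requests: List[Tuple]) -> List[Tuple[Tuple, str]]:
    """Decide every request. Request shapes (hypothetical):
       ("file", path, op)   and   ("net", host, port)."""
    decisions = []
    for req in requests:
        if req[0] == "file":
            ok = file_allowed(manifest, req[1], req[2])
        elif req[0] == "net":
            ok = net_allowed(manifest, req[1], req[2])
        else:
            ok = False  # unknown resource classes are denied as well
        decisions.append((req, "allow" if ok else "deny"))
    return decisions


# Constructed sample of what a program might attempt once it is running.
SAMPLE_REQUESTS = [
    ("file", "/home/alice/docs/report.txt", "read"),
    ("file", "/home/alice/docs/report.txt", "write"),      # op not granted
    ("file", "/home/alice/docs/../.ssh/id_rsa", "read"),    # traversal attempt
    ("file", "/tmp/app2/out.log", "write"),                 # sibling of a root
    ("file", "/tmp/app/out.log", "write"),
    ("net", "api.example.com", 443),
    ("net", "api.example.com", 80),                         # port not granted
    ("net", "evil.example.net", 443),
]

if __name__ == "__main__":
    for req, decision in evaluate(MANIFEST, SAMPLE_REQUESTS):
        print(f"{decision:5}  {req}")
```

Running the script prints one allow/deny line per sample request. The design choice worth noting is that the enforcer never consults the user's general account permissions at all: the program's reach is exactly the manifest, which is what separates this from ordinary ACLs layered on top of "the program runs as me".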
No, he had it right. Adding defensive programming techniques is ANOTHER layer, with MORE potential for failure. When it comes to software, less is more.
If you design a vault door for a bank that can be opened with a hairpin then it's your fault.
No, you hold the aircraft manufacturer liable because they're the one who put buggy software in an airplane.
Or, if you're an aircraft manufacturer and you want the person who developed the software to assume liability, you make them sign a contract to that effect before you pay them.
Trust an assembler? Who wrote it? The closest I've come to creating software of my own hand has been on a PDP-11 test station, and the embedded processor it tested... writing hex values directly into memory. But even while massaging words by "hand", I was still relying on someone else's tools to get my intention from the keyboard to the flip-flops, and thus still suffering from more levels of abstraction than any civil or mechanical engineering effort.
I proposed, back in 2000, that Microsoft be required to provide a full warranty on their products as part of their antitrust remedy. "Full warranty" has specific meaning in US law; see the article. A few vendors have provided full warranties and not found it too expensive. Notably, GTech, which builds gambling systems, is held financially responsible for errors made by those systems. This costs GTech less than half of one percent of their revenue.
It's time for the computer industry to grow up and take on warranty responsibilities. The auto industry had that forced on them by Congress in the 1960s, over the screams of the auto industry. Cars rapidly became safer and more reliable.
Real engineers build things that can kill people if they do things wrong. They have all the same pressures from management, but they still (theoretically) have standards, and licensing bodies, and, like, rules and stuff.
Yes, all of which are designed to ensure competence, not to assign blame. If an executive hires an incompetent, the fault for any future problems lies with that executive. Who is more the fool: the fool ... or the man who hires him?
If you design it before the invention of the hairpin?
A flight control system will be a combination of hardware and software, and will have very strict usage limitations.
I find it very unlikely that someone would produce a flight control system that runs on the average windows computer and accept liability for anything that may happen.
If you control the entire solution, ensuring that it will work reliably is much easier.
Start modifying the flight control system, and I bet liability goes very quickly.
Yes, all of which are designed to ensure competence, not to assign blame. If an executive hires an incompetent, the fault for any future problems lies with that executive. Who is more the fool: the fool ... or the man who hires him?
That depends on the division of costs versus rewards. In nearly all organizations I've worked for, it goes somewhat like this:
Hiring a competent developer, who will be hard to find, but won't screw up:
1) costs: go to the executive, since he's responsible for hiring
2) rewards: go to the middle manager, since the hiring guy is never the manager with final responsibility for the product
(and costs for hiring competent people have gone up a *lot*)
Hiring the first fool that passes basic checks, who is easy to find, but screws up a lot:
1) costs: go to the middle manager with final responsibility for the product (i.e. someone else)
2) rewards: go to the hiring executive (look! quarterly quota filled in a week's time)
So who's the greater fool? By and large, it's the executive that tries to find competent employees. And this is ignoring the fact that in languages like Java, VB and (more and more) C#, competent employees are a liability. Especially for a consulting business, competent employees are a liability. Once you have one or two really competent guys, you want to hire lots of fools.
We're not talking about ensuring the system operates in a normal expected environment though. It's not exactly complicated to make sure your software doesn't kill someone. What WE ARE talking about is making that elevator software completely impervious to any attacks or any kind of bypassing of the controls to ensure no one is killed.
Holding a software programmer liable for all potential flaws in their code is rather ridiculous and shows a general misunderstanding of how software is written. We do not just go out and build a bridge. We go out and purchase or use countless components that are prefabbed (libraries), and we build the bridge in methods suggested by industry standards, programming language standards, or vendor APIs. When you purchase or use any software by anyone, you are not just using software by them; you are using software and programming techniques designed by countless other companies. There are so many interdependencies it is insane.
Let's be honest. The only reason anyone is for this is that they are sick and tired of Microsoft and companies like them that are interested in their bottom line first. But most software companies wouldn't exist today if every line of code had to be iron-clad and secure from bottom to top. So if we go the route this article is suggesting, we are going to have software companies with no IP owned by just that company (open source distribution so the purchaser can make changes themselves), or we are going to have very short-lived software companies that are sued into bankruptcy every day they hire an outside contractor to do job xyz.
This entire concept is a joke. The problem with software security does not rest with the programmer or the organization. An entire industry would have to change overnight to support anything even remotely like this.
"Wouldn't you hold the software developer accountable for that?"
Which gets to why this idea by itself won't work.
First, who is the "software developer" of a system that uses lots of modules from a variety of vendors (including hardware aspects)? You have an entire ocean of people involved with a big project like that from designers to coders to testers to users...
Second, companies will just use corporate law to create liability shields where each part that could go wrong will be in its own sue-able unit with minimal assets.
Third, let's say something does go wrong, and you can point at a bit of offending code. But, was that really the problem? What about the compiler not smart enough to catch a *semantic* error? What about the simulators that were not good enough to discover the bug in advance? What about the testing procedures? What about the broken CS training programs that focus on theory and not practice? What about the managers who picked a poor development platform because it was popular? When you can go up a chain (or web) of responsibility, why blame the coder at the bottom when there are so many factors involved in making that accident, some of which operate on different timescales?
This whole issue is part of the reason why things like Forth and Smalltalk were so wonderful as small and understandable self-reflective systems, but we got mainstream adoption of buggy C/C++ and bloated Java instead. When the plane crashes from a pointer error, maybe we should blame those who did not choose to support Smalltalk decades ago?
Real engineers build things that can kill people if they do things wrong. They have all the same pressures from management, but they still (theoretically) have standards, and licensing bodies, and, like, rules and stuff.
This is part of the current problem. Software engineers are writing lots of things that can kill you, and we don't have any licensing body or laws requiring a PE to make specific applications. It generally means we can't be held responsible, but that cuts both ways. If we're working on a serious application, we have nothing to hold back from management if we know the design doesn't pass muster. A PE must attach his signature to his work to approve it, so a PE has leverage in the ability to refuse to do so unless the work meets his professional standards. As software engineers, they can just take our work any day of the week and throw it into a production system, and if we don't like it we can GTFO. So to sum up, we have the same pressures, the same dangers and moral responsibilities, with none of the leverage over management or our peers to enforce professional standards.
a broken word document does not. If your software runs a device that people's lives depend on, then existing negligence laws cover the device just fine (e.g. pacemakers and whatnot).
Software Liability is just the big companies trying to take control. Nothing else (well, there's a healthy dose of fearful stupidity there, but those people are silly, so I don't count 'em).
In that particular industry, they are held accountable. This is why the software for aviation is so heavily tested and costs many times what commercial software costs.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?