[trustable-software] Personal and corporate liabilities as a consequence of safety, security and other mistakes of similar importance
Paul Sherwood
paul.sherwood at codethink.co.uk
Thu Oct 4 12:23:17 BST 2018
Hi all,
in recent discussions the topic of 'who goes to jail' has arisen in the
context of fallout from software design/development/deployment mistakes.
I'm hoping that I'm misunderstanding the situation, because the picture
that is emerging for me seems to lead to a disconnect between
- the need for evidence of what was done and
- the need for people to be able to work in a safe environment, without
fear
It may be FUD, but I believe I heard recently that "any engineer
contributing to an automotive project may ultimately be considered
personally liable for impacts of their work". Impacts in automotive
could include recalls and road accidents, obviously. If that's true, why
would any sane engineer ever agree to contribute to an automotive
project?
And then there's the FOSS/public work consideration. I recently asked a
colleague to contribute to a public project, and during spin-up this
question of liability arose, expressly phrased as
"If I contribute, is there any possibility that I or Codethink might
ultimately be liable for (say) harm resulting from road accidents?"
In the ensuing discussion it was pointed out that:
- if the contribution is to a project applying any of the common FOSS
licences (Apache, MIT, ISC, GPL etc) then there is expressly NO WARRANTY
- any subsequent application/distribution of that software by another
party which attempts to enforce a warranty claim on the authors has
expressly breached the licence, and has effectively stolen and misused
the software
While this reasoning is attractive, I'm not convinced it's enough to
convince me that there's no potential liability for individuals.
Are any readers able to guide me on existing literature/reasoning for
this?
br
Paul