[trustable-software] Personal and corporate liabilities as a consequence of safety, security and other mistakes of similar importance

Paul Sherwood paul.sherwood at codethink.co.uk
Thu Oct 4 12:23:17 BST 2018


Hi all,
in recent discussions the topic of 'who goes to jail' has arisen in the 
context of fallout from software design/development/deployment mistakes.

I'm hoping that I'm misunderstanding the situation, because the picture 
that is emerging for me seems to lead to a disconnect between

- the need for evidence of what was done and
- the need for people to be able to work in a safe environment, without 
fear

It may be FUD, but I believe I heard recently that "any engineer 
contributing to an automotive project may ultimately be considered 
personally liable for impacts of their work". Impacts in automotive 
could include recalls and road accidents, obviously. If that's true, why 
would any sane engineer ever agree to contribute to an automotive 
project?

And then there's the FOSS/public work consideration. I recently asked a 
colleague to contribute to a public project, and during spinup this 
question of liability arose, expressly phrased as

"If I contribute, is there any possibility that I or Codethink might 
ultimately be liable for (say) harm resulting from road accidents?"

In the ensuing discussion it was pointed out that:

- if the contribution is to a project applying any of the common FOSS 
licences (Apache, MIT, ISC, GPL etc) then there is expressly NO WARRANTY
- any subsequent application/distribution of that software by another 
party which attempts to enforce a warranty claim on the authors has 
expressly breached the licence, and has effectively stolen and misused 
the software

While this reasoning is attractive, I'm not convinced it's enough to 
convince me that there's no potential liability for individuals.

Are any readers able to guide me on existing literature/reasoning for 
this?

br
Paul
