[trustable-software] Personal and corporate liabilities as a consequence of safety, security and other mistakes of similar importance

Andrew Banks andrew at andrewbanks.com
Thu Oct 4 13:28:59 BST 2018


Within the EU, the situation is quite simple... under the General Product Safety Directive, the responsibility is on the manufacturer who placed the item on the market.  Even in a system-of-systems environment, it doesn't matter... it is the manufacturer at the top of the tree who has the legal liability - ie the OEM

Contractual liability may mean that the financial costs ripple down... as with Takata and their airbags.

So, in the case of FOSS being adopted by an OEM or Tier-n, someone will have to sign off that the software is fit-for-purpose - I do not believe "I just downloaded it off the web" would be an acceptable defence in Court

It is interesting to note that in the VW diesel case, it has been mostly high-level execs that have been prosecuted, although an VW "engineer" (who allegedly developed the "device") has also been sent down.


All IMHO
A

-----Original Message-----
From: trustable-software [mailto:trustable-software-bounces at lists.trustable.io] On Behalf Of Paul Sherwood
Sent: 04 October 2018 12:23
To: trustable-software at lists.trustable.io; systemsafety at lists.techfak.uni-bielefeld.de
Subject: [trustable-software] Personal and corporate liabilities as a consequence of safety, security and other mistakes of similar importance

Hi all,
in recent discussions the topic of 'who goes to jail' has arisen in the 
context of fallout from software design/development/deployment mistakes.

I'm hoping that I'm misunderstanding the situation, because the picture 
that is emerging for me seems to lead to a disconnect between

- the need for evidence of what was done and
- the need for people to be able to work in a safe environment, without 
fear

It may be FUD, but I believe I heard recently that "any engineer 
contributing to an automotive project may ultimately be considered 
personally liable for impacts of their work". Impacts in automotive 
could include recalls and road accidents, obviously. If that's true, why 
would any sane engineer ever agree to contribute to an automotive 
project?

And then there's the FOSS/public work consideration. I recently asked a 
colleague to contribute to a public project, and during spinup this 
question of liability arose, expressly phrased as

"If I contribute, is there any possibility that I or Codethink might 
ultimately be liable for (say) harm resulting from road accidents?"

In the ensuing discussion it was pointed out that:

- if the contribution is to a project applying any of the common FOSS 
licences (Apache, MIT, ISC, GPL etc) then there is expressly NO WARRANTY
- any subsequent application/distribution of that software by another 
party which attempts to enforce a warranty claim on the authors has 
expressly breached the licence, and has effectively stolen and misused 
the software

While this reasoning is attractive, I'm not convinced it's enough to 
convince me that there's no potential liability for individuals.

Are any readers able to guide me on existing literature/reasoning for 
this?

br
Paul





_______________________________________________
trustable-software mailing list
trustable-software at lists.trustable.io
https://lists.trustable.io/cgi-bin/mailman/listinfo/trustable-software




More information about the trustable-software mailing list