On 08/12/10 1:38 PM, Valdis.Kletnieks@vt.edu wrote:
The second issue is that if you *do* establish a legal precident that software vendors are liable for faults no matter what the contract/EULA says,
It doesn't matter what contract an auto maker makes with someone who purchases the car, if the brakes fail and the car hits ME, I can sue the auto maker due to the defective brakes. If they design the car in a way that a 3rd party can easily tamper with the brakes, and then the car hits me, I can also sue the auto maker. They are legally required to take due care in how they design the car to ensure that innocent bystanders aren't injured or killed by a design defect. IMHO, there's no difference in the core responsibility that software makers should be held to, to ensure that their software isn't easily compromised and used to attack and injure 3rd parties. The EULA is a red herring, as it only applies to the purchaser (who agrees to the EULA when they purchase the computer or software), not to 3rd parties who are injured. If the software doesn't work as designed and the purchaser is unhappy, that's between them and the company they bought the software from. But when it injures a 3rd party, that's a whole different ball game. I truly don't understand why ISP's (who bear the brunt of the burden of the fall-out from the compromised software, as they fight spam and have to provide customer support to users who complain that the "internet is slow" etc.) haven't said ENOUGH. jc