[SystemSafety] [trustable-software] Personal and corporate liabilities as a consequence of safety, security and other mistakes of similar importance
Andrew Banks
andrew at andrewbanks.com
Thu Oct 4 14:28:59 CEST 2018
Within the EU, the situation is quite simple... under the General Product Safety Directive, the responsibility is on the manufacturer who placed the item on the market. Even in a system-of-systems environment, it doesn't matter... it is the manufacturer at the top of the tree who has the legal liability - ie the OEM
Contractual liability may mean that the financial costs ripple down... as with Takata and their airbags.
So, in the case of FOSS being adopted by an OEM or Tier-n, someone will have to sign off that the software is fit-for-purpose - I do not believe "I just downloaded it off the web" would be an acceptable defence in Court
It is interesting to note that in the VW diesel case, it has been mostly high-level execs that have been prosecuted, although an VW "engineer" (who allegedly developed the "device") has also been sent down.
All IMHO
A
-----Original Message-----
From: trustable-software [mailto:trustable-software-bounces at lists.trustable.io] On Behalf Of Paul Sherwood
Sent: 04 October 2018 12:23
To: trustable-software at lists.trustable.io; systemsafety at lists.techfak.uni-bielefeld.de
Subject: [trustable-software] Personal and corporate liabilities as a consequence of safety, security and other mistakes of similar importance
Hi all,
in recent discussions the topic of 'who goes to jail' has arisen in the
context of fallout from software design/development/deployment mistakes.
I'm hoping that I'm misunderstanding the situation, because the picture
that is emerging for me seems to lead to a disconnect between
- the need for evidence of what was done and
- the need for people to be able to work in a safe environment, without
fear
It may be FUD, but I believe I heard recently that "any engineer
contributing to an automotive project may ultimately be considered
personally liable for impacts of their work". Impacts in automotive
could include recalls and road accidents, obviously. If that's true, why
would any sane engineer ever agree to contribute to an automotive
project?
And then there's the FOSS/public work consideration. I recently asked a
colleague to contribute to a public project, and during spinup this
question of liability arose, expressly phrased as
"If I contribute, is there any possibility that I or Codethink might
ultimately be liable for (say) harm resulting from road accidents?"
In the ensuing discussion it was pointed out that:
- if the contribution is to a project applying any of the common FOSS
licences (Apache, MIT, ISC, GPL etc) then there is expressly NO WARRANTY
- any subsequent application/distribution of that software by another
party which attempts to enforce a warranty claim on the authors has
expressly breached the licence, and has effectively stolen and misused
the software
While this reasoning is attractive, I'm not convinced it's enough to
convince me that there's no potential liability for individuals.
Are any readers able to guide me on existing literature/reasoning for
this?
br
Paul
_______________________________________________
trustable-software mailing list
trustable-software at lists.trustable.io
https://lists.trustable.io/cgi-bin/mailman/listinfo/trustable-software
More information about the systemsafety
mailing list