[Sussex] User vs Vendor Liability

nik at wired4life.org nik at wired4life.org
Mon Aug 25 09:27:01 UTC 2003


Whilst we are throwing stones[1] and casting aspersions and generally
tarring and feathering companies, I thought I would return to another
comment which some consultants are pulling up in defence of insecure
software.

Some are suggesting that Users are suffering because they are not
patching their own systems.

Well, let's use my old friend, the car analogy.

Here the User drives around in the car with their eyes closed until the
inevitable happens.

In retrospect however we might wonder where the Seatbelts[2], Crumple Zone[3]
and Airbag[4] were to protect the user against their own idiocy.


I find it interesting that many Commercial End User Licence Agreements
contain a few paragraphs which remove liability from the vendor by
stating that they will not be responsible for loss of data or damages.

So let's review


Commercial EULA in software tends towards Insecure Software as most of
the risk to the vendor is removed in the EULA.

Open Source Software (pick a licence scheme) tends towards Secure
software as most Developers and Authors do not wish to risk a close
inspection of the GPL resulting in damage to the community or
themselves.

So who here would purchase a vehicle from a vendor who asked you to
accept all liability for faults and defects within the vehicle?

As my role in my company[5] now involves me spending more time talking to
the Managing Directors and Chief Executives about how Open Source
software is actually reducing their liability and risk, I don't feel the
need to argue rationally or fairly, as I know that my competitor will
not be doing the same. Instead I argue with case studies and examples as
to how Open Source is saving large amounts of money and time for many
companies who utilise it. Of course competitors are welcome to
demonstrate how they achieved the same with commercial software, at which
point I say fantastic, so we both deliver similar performance, now let's
compare COSTS!



Nik

[1] There aren't any women here, are there?
[2] User restraint, something like not being root.
[3] Firewall
[4] Backup
[5] It's 3ait (www.3ait.co.uk), have you heard of it? I'm the Managing
Director. There's 6 staff and we provide commercial support for
Debian.




-- 
nik at wired4life.org	http://www.wired4life.org/	Wired4Life, an Answer.

apt-get install zoe-ball
 To many unmet dependancies.
 installation failed.



