[LINK] "New Laws: Thou Shalt Patch"

Chirgwin, Richard Richard.Chirgwin@informa.com.au
Wed, 1 Aug 2001 13:38:10 +1000


Rik Harris writes:

>Most commodity software comes with a license that says it's not to be
>used in situations (medical, air, nuclear) where safety is critical -
>so it's seen as legitimate to claim 'caveat emptor'.
>
>I'm not sure that a public liability claim would stand up in this
>situation unless the company is writing software for medical equipment
>(for example).

As I recall, there was a motor vehicle recall because of a suspected
software fault in the engine management computer - late last year? Ford,
again?

The "caveat emptor" on software licenses is fair to a degree - if I use
consumer software in a safety-critical system, it's my own silly fault. But
that statutory regulation is different from the (in Australia) common-law
principle that a product should be fit for the purpose for which it is sold.


Questions: 
a) Does the widespread expectation that software will crash weaken a
common-law claim?
b) What would constitute a "reasonable expectation" of software quality
(since 100% is beyond our grasp)?
c) Where is the line between safety-critical and non-safety-critical? For
example: the software in a heart monitor is safety-critical. My word processor is
not. But what of the case of Canterbury Hospital (I think) in Sydney, where
a badly-coded database UI led to the wrong drugs being dispensed from the
hospital pharmacy? My bet is that such a system runs on a commercial OS (if
not MS then a Unix and a database) - and I'd also wager that nobody even
considered in advance whether the product liability waivers applied in that
case.

Richard Chirgwin

-----Original Message-----
From: Rik Harris [mailto:Rik.Harris@fulcrum.com.au]
Sent: Wednesday, 1 August 2001 10:42
To: Rick Welykochy; Grant Bayley
Cc: 2600-list@wiretapped.net; link@www.anu.edu.au
Subject: Re: [LINK] "New Laws: Thou Shalt Patch"


On Wed, Aug 01, 2001 at 09:54:49AM +1000, Rick Welykochy wrote:
> On Wed, 1 Aug 2001, Grant Bayley wrote:
> 
> > >From Wired:
> > http://www.wired.com/news/politics/0,1283,45692,00.html
> [SNIP]
> > But that may be changing. Federal rules that will make it obligatory for
> > specific sectors to download virus patches are already here, and more
> > are coming.
> 
> Let me see now ...
> 
> 1. Ford Motor Co. produces a car with a defect. The defect turns out to
>    be a possible source of injury. The result: Ford is *legally liable*
>    to recall and fix said vehicles.
> 
> 2. Johnson & Johnson produce defective silicone breast implants. Even
>    though J&J rigorously defends itself against a class action, it
>    is found guilty of its breach of care to its customers and pays
>    out $100's of millions in damages.
> 
> 3. There are countless further examples of the *company or agency*
>    that produces the faulty product being culpable. As a matter of
>    fact, I'm hard pressed to find an example where the *customer*
>    who uses a faulty product is found to be liable to take any actions
>    of any sort.

While I kind of agree with your argument about faulty products and
software being included in this category, your examples are all related
to safety (as are most product recalls).  They are therefore covered by
safety regulations (or at least the companies that supply them have public
liability insurance), rather than the companies doing this out of the
goodness of their hearts.

Most commodity software comes with a license that says it's not to be
used in situations (medical, air, nuclear) where safety is critical -
so it's seen as legitimate to claim 'caveat emptor'.

I'm not sure that a public liability claim would stand up in this
situation unless the company is writing software for medical equipment
(for example).

rik.
-- 
            ~ Specialists in IT Infrastructure ~
* Managed Services * Consulting * Product Supply & Support *

Rik Harris                    The Fulcrum Group of Companies
Chief Technology Officer          Level 8, 628 Bourke Street
ph: +61-3-8601-6100                       Melbourne VIC 3000
fx: +61-3-8601-6199                                Australia