Monday, May 11, 2009

Will It Make Any Difference If Software Developers Are Held Liable For Their Code?

Tom Espiner of Business Tech reports that the EU is considering holding software companies responsible for the defects in their product, i.e. code, much the same way they hold other companies liable for their "physical" products. He reports that the European Commission commissioners "...Viviane Reding and Meglena Kuneva have proposed that EU consumer protections for physical products be extended to software. The suggested change in the law is part of an EU action agenda put forward by the commissioners after identifying gaps in EU consumer protection rules."

Critics of this proposal include the Business Software Alliance (BSA), which represents the interests of software makers including Apple, IBM, and Microsoft.
"Digital content is not a tangible good and should not be subject to the same liability rules as toasters," Francisco Mingorance, BSA director of public policy told ZDNet UK on Thursday. "Unlike tangible goods, creators of digital content cannot predict with a high degree of certainty both the product's anticipated uses and its potential performance."

Mingorance said the performance of a piece of software depends on the environment it operates in, how the code is updated, whether it is possible to adapt and modify the software, and whether the code is attacked.

According to Mingorance, the proposed regulatory extension would cover all software, including beta products, and would cover both proprietary and open-source software.

What if this happens as it's being reported? Will this make any difference to the software testing organization? My first reaction is that this will be a boon to the software testing profession and industry. But then I was reminded of what Watts Humphrey terms "defective software that works" from a recent article, "Does Quality Matter To You?". I think there will be a problem for both sides to define exactly what each software product is intended to do, and hence form the basis for any liability. If we accept that software is tested to the use-model intended for the software, or the "testing footprint", then I would expect anyone defending software companies to more tightly bind their EULAs to a specific use-model, e.g. if you use the software outside what it was intended for, then you're on your own. Which is kind of where we are today with EULAs.

But if Watts Humphrey's prediction that "it will take a severe, disruptive, and highly public software failure to get people concerned about software quality"[1] comes true, then I'm sure the legislation that follows will make a difference to both software development and QA in a way that will radically change how we approach software testing. Not convinced? Imagine what would have happened had CAD software been used to design the Tacoma Narrows Bridge.




[1] Humphrey, W., “Defective Software Works”, news@sei newsletter, Number 1, 2004.
