E-outline

Group E
Roxana Hernandez-Pastrana
Ryan Herring
Jinghua Luo
Kevin Mack
Shahram Rezaei
Software Liability
This document provides an overview of the debate on whether software
companies should be liable for damages incurred due to security flaws in their software.
There are several things that both sides agree on and it is important to mention them first.
Both sides agree that software security is an expensive problem. They also agree that
catching and prosecuting hackers who write malicious viruses should be a top priority.
The agreements are otherwise few and far between. One side thinks that software
companies should be required to pay damages, while the other side thinks that
distributing the cost of security flaws among multiple parties is the solution. The current
legal protocol of using “End-User License Agreements” is a contentious point of debate,
with one side claiming they give far too much leverage to software companies and the other
side claiming that companies would be unable to stay in business without them. There
are good arguments on both sides.
Summary
Software companies should be liable for damages associated with security flaws in their
software. This means that companies would be required to pay the costs incurred by
users of the software if a security flaw was exploited by a hacker.
Affirmative

Liability increases the quality of software by forcing companies to consider the
costs of their decision to ignore security flaws.

The cost of the decision to ignore security flaws should be borne by the software
creator.

The threat of liability will level the playing field for software companies and
promote competition.

End-User License Agreements (EULAs) should not be upheld by the courts
because average consumers have no bargaining power and cannot possibly know
what the security flaws in the software are before signing the agreement.

The cost of software might increase, but it will be worth it to have secure
software.
Negative

Companies will simply raise prices to cover their legal charges without increasing
the security of their software.

Small companies will become no match for large companies because legal
charges will be a greater percentage of their costs. This will result in monopoly or
duopoly software industries.

Software can never be bug free, so hackers will always exist. The cost burden of
security flaws should be borne by hackers, network administrators, and consumers
in addition to software companies.

Court cases will take so much time that by the end of the case, the software will
be obsolete due to the pace at which software evolves.

The potential risk of liability will discourage companies from investing in
innovation and will thus hamper the growth of the software industry.

Let the market, rather than lawyers, do the job! If companies produce insecure
software, they will be punished by the market with loss in sales and damaged
reputation as customers turn to more secure software produced by other vendors.
Analysis of the major arguments
Increasing the financial liability of software companies will increase software quality.
Affirmative

Increased liability forces companies to consider the cost of delivering poor
products, giving those companies incentives to invest in quality.

Consumers might have to pay more for products, but at least the product will be
better and they will have legal recourse if the product fails.

Liability will force longer development cycles to ensure quality. Longer
development cycles encourage critical thinking about security and design of
software from the early stages.
Negative

Greater liability increases the cost to software companies, which they will pass on
to consumers in the form of increased prices and in many instances, will likely
result in no improvement in quality. Companies will simply charge more to cover
their legal expenses.

Software can never be bug free, so hackers will always find new ways to exploit
systems. The cost to consumers caused by security failures should be paid by the
criminals who write the viruses.

Longer development cycles mean consumers will be required to wait longer for
products, and a focus on security means that fewer features will be available. This
decreases the overall value of owning the software.
The cost of security flaws should be incurred by the software company.
Affirmative

The software provider is in the best position to ensure security in their software.
Consumers cannot be expected to know the details of the software in order to
prevent security breaches.

In economics terms, the cost of security failures to consumers is an externality
over which they have no control. Fundamentally, the decision maker (software
company) should bear the cost of its decision (providing flawed software).
Negative

It is not economically sound to place 100% of the cost burden due to security
failures on the software company. The majority of that cost should be incurred by
the hacker who wrote the code to take advantage of the security flaw.
Furthermore, network providers should also incur some of the cost since they are
responsible for ensuring the smooth interaction of many users and software
packages at once.
Increased liability will improve competition among software companies.
Affirmative

Companies will be forced to compete on the quality and price of their software
since they will be held accountable with stiff penalties for making a faulty
product.
Negative

Small companies are going to suffer because those companies can least afford
expensive legal charges. This will cause many companies to go bankrupt leaving
a monopolistic ruler for each particular area of software.

Under the current system, companies can distinguish their product by making it
more secure. This gives consumers a tradeoff in terms of price, quality and
security.

In the case of a software industry where there is already a monopoly (i.e.
Microsoft), increased liability will simply result in increased prices to end
consumers with no increase in quality. Companies will only have incentives to
raise prices to cover legal expenses.
End-User License Agreements (EULAs) should not be upheld by the courts.
Affirmative

These agreements give far too much leverage to software companies. Consumers
have no bargaining power over the terms of the agreement.

Consumers do not have the opportunity to read the agreements until after having
purchased the software product. Consumers then have no choice but to accept
these agreements as it is usually difficult or impossible to get a refund for a
product.
Negative

These agreements are necessary to avoid endless litigation for software
companies.

Companies cannot foresee all of the possible uses of their product and must
protect themselves from uses that cause problems.