Version: 2008

Comments on: EC wants software makers held liable for code

After identifying gaps in EU consumer protection rules, the European Commission is proposing that software makers give guarantees about the security and efficiency of their code.

Showing 2 of 3 pages (92 Comments)
by Jonboy_1984 May 10, 2009 2:44 AM PDT
I think this should all depend on the context of the software......

If I buy an Application for word processing I expect it to perform the job well and reliably. I would expect there to be a reasonable degree of backup in the event it went wrong or allowed other things to go wrong - why does my word processor need internet access?

If I buy antivirus then I anticipate the fact that the developers are in a constant battle with various other elements and accept the fact that occasionally they are not going to beat the other team and I would expect the terms and conditions or EULA to reflect that fact and set my expectations of their product in the right arena.

I also understand the fact that should I install software that interacts with the OS in ways the developers couldn't foresee then they shouldn't be held liable, in the same way that Peugeot shouldn't be held liable if I decide to drive off a cliff...
by TamarC May 10, 2009 3:20 AM PDT
Beside the fact that there's no way to prove correctness or test any non-trivial program 100% for bugs under every circumstance, my other big concern is about what is classified as a fault. One thing that's often very hard to do is conform to every user's expectation. Is something a bug when one user thinks it should be doing something and it's not? Even though the user's expectations are wrong and implausible, or if a third-party program is influencing the correct workings of the software in question (e.g. drivers in an OS) now such users would hold a company accountable for actions of a third party as well.

This law also stiffens one's creativity. No one would take a risk on a new way of doing things, perhaps an efficient optimized code (that's too efficient to prove mathematically without spending a lot of time and money on) would be rewritten to a less efficient but easier to test variant. Creating slow and bloated but "safe" software.

This is just a joke.
by eldris_ May 10, 2009 4:06 AM PDT
Totally ridiculous. All that will do is harm small time programmers and even people who do it for fun.

Would this law cover only fully working software, or would it cover code samples too? If it were to include code samples, there would be no more tutorial sites for programming, which in the long term could affect the number of people who get into programming. I for one started learning via the Internet before moving on to a degree.

Also, unlike with hardware it is nearly impossible to find and fix all bugs in a program, even when you only have variables within the program to consider. Add to that different platforms and system customisations and it is guaranteed to be impossible to say you have found all the bugs. You can't test all of those variables.


Faulty software is not going to cause you physical harm for the most part. Software that can harm you should perhaps be subject to the proposed law, however that will likely be covered by the hardware they come with. As to things you install on your own computer, use at your own risk. People who blame their computer on loss of data, identity theft, etc are just plain ignorant, and should not be using computers if they don't understand the risks involved.
by Jim1900 May 10, 2009 5:37 AM PDT
How about a law banning bad songs, paintings or movies? Or even better, a law banning defective financial transactions that cost the public billions of Euros? I think the EU has a bright future, as long as they stay on their side of the Atlantic.
by shootfirst May 10, 2009 7:30 AM PDT
Apple can't really beat this as their software is a vital part of Apple computers to run efficiently and beat their PC counterparts.

I think that software should come with a guarantee that the software makers will fix bugs as they become exploited or someone finds a way to beat an old security policy. Microsoft and other companies leave in vulnerabilities so that things will continue to work and they can sell their software. I think true open source is doing its part to make sure they clean up their code, however proprietary don't as they keep things under wraps and offer the consumer no way to fix the issue legally without violating the license. There should be a way for a group to view proprietary code at the price of proprietary software makers to make sure that their code is up to par as we do need those kinds of protection. Open source deserves a pass as free is free and they generally already do this.

Let's face it, there is some sort of software/firmware in all electronic devices and they are considered part of the guarantee of the product and there is no reason that software for any device should be able to bypass this standard and if software makers screw their customer base by writing BS code they should be made to pay, anyone feel like taking a bite out of M$ and Intel for screwing customers for Vista capable computers and the premature release of Vista aka Windows 7.

Sure this will slow down the development process and may lead to some code getting stolen, but computer software is vitally important to all functions of society now and it needs to reflect that it is something that consumers can use. I hope that this paves the way of getting rid of proprietary and open the world to open source which is our true best option when it comes to protecting us the consumers.
by Jim1900 May 10, 2009 7:52 AM PDT
Your agenda of bankrupting MS to push open source is a little too obvious. Who is to say when a software release is "premature"? Do you trust the marketplace or the EU regulators to make that decision? That would apply to open source as well. You won't get a free pass.
by mosndup May 10, 2009 8:31 AM PDT
What the EU wants is to avoid commercial spying; usually practiced by the Echelon brothers!
by contentcreator--2008 May 10, 2009 11:13 AM PDT
The EU should table this measure until they guarantee that each of their legal edicts is 100% free of typos, unintended side-effects, loopholes that may be exploited by unscrupulous lawyers, or structural defects that may lead to a crash of the world financial system. If they claim to meet this criterion, then by definition they have already covered all necessary laws and this one is not needed.
by ejschlapp May 10, 2009 3:04 PM PDT
How will blame for an application bug be determined?

A good software developer will leverage other programmers' source code by using libraries to the extent that only a small portion of the entire application binary comes from the author. Non-trivial applications dynamically link with libraries that come with the OS. In addition, applications indirectly interact with device drivers that are of varying quality.

Which party is responsible for application bugs due to transient hardware problems? Almost all laptop and desktop DRAM is NOT protected by ECC resulting in transient unreported memory errors that could affect a running application. If the user doesn't pay for server class hardware reliability, can they expect their applications to work absolutely flawlessly?
by nicmart May 10, 2009 3:32 PM PDT
The result would be the death of risk and innovation. Companies would spend all their time producing staid code that would be tested interminably.

You can't serve two masters. It can be government or it can be consumers, but not both.
by Captain Bebops May 10, 2009 3:49 PM PDT
Yup, once again we see that government officials are not qualified to make such rules. For software they should have a background of at least 10 years of professional programming. Only then they may begin to understand the implications of the rules they propose. Otherwise it is like a member of the audience telling a concert pianist how to play the piano.
by albatman May 10, 2009 3:53 PM PDT
I am a software developer and I have to say that our industry produces total garbage. 90% of programmers have no clue what they are doing, and the other 10% try to patch what the majority is producing. If cars were produced with the same standards I would never be in a car again.
It's about time that vendors make guarantees for quality of their software, so they stop creating software with such poor quality.
by gsigas May 10, 2009 8:41 PM PDT
That is a bit harsh. I would argue that most experienced software developers do have a clue what they are doing but tend to be limited by management and market forces in what they are allowed to do. I would say that of those 90% producing garbage the majority of them that are experienced know full well they are producing garbage (and hate it) but are not given the time or resources to produce non-garbage because the garbage is accepted by the market and the vendors are not going to spend the extra time and resources to produce non-garbage if it makes them less competitive.
by unknown unknown May 10, 2009 5:49 PM PDT
@bigpicture scratch the surface and I guarantee you it's every bit as rotten.
by X-C3PO May 10, 2009 6:40 PM PDT
Should the EU first have a law to guarantee that the commission will never make an error?
by rturner2 May 10, 2009 6:54 PM PDT
What a joke.

This idea is obviously put forward by a person that has never written a line of code in his/her life.

This would kill innovation big time.
by Captain Bebops May 10, 2009 7:55 PM PDT
Further, what happens to the development of niche market products? Often these are done by one programmer with expertise in the field and might only make chump change. Large companies won't be interested in this at all. This includes your PDA and Smartphone apps. People drafting this type of bill are so ignorant.
by gsigas May 10, 2009 8:30 PM PDT
It is possible to make software that is reliable enough to warranty (although such software would tend to be very expensive and take a long time to release and update). This is because a warranty does not mean that a product will not fail, it just means that it will perform what the manufacturer promised under the conditions the manufacturer specified. Liability is also limited by professional standards. This means that even if the software fails and causes catastrophic damage to a customer, if it can be shown that it was performing to generally accepted professional standards there would be no liability because it could be assumed to fall under the consumer's assumption of risk (i.e. the consumer is responsible for limiting their damage by taking steps to protect themselves from loss when they do risky things such as use software). The theory behind this is that software use, by its nature, has some inherent risk that places some of the liability in the hands of the consumer by the simple act of using the software and is risk that cannot be removed by any manufacturer (so consumers are expected to take extra steps like back up data, have fail-overs/contingencies, etc.). Part of the issue here is that the consumers (and lawmakers) do not fully realize the risks inherent in using any software (regardless of how well designed) and in their responsibility to protect themselves from those risks.
by aka_tripleB May 10, 2009 9:30 PM PDT
It really sounds like Europe is hellbent on entering a new dark age. Seriously, if you make it a crime to have less than perfect technology, software or hardware, you will not see anything new until that law is changed.
by Kirikera May 11, 2009 4:56 AM PDT
In every industry, the builders or manufacturers are responsible for their products. A bridge builder is liable if it collapses. A soft drink manufacturer is liable if it contains dirt. Should not software builders also be responsible for their code? If not them, then who is responsible? Among all industries, software developers make the most money, and should they not be responsible for their work? I am a software developer myself, and I do believe that we should be responsible for our work.
by Imalittleteapot May 11, 2009 5:55 AM PDT
"I am a software developer myself"

Well then perhaps you'll entertain me. Since you're a software developer could you please grace us with a single line of code that's bug free and that'll work properly as the user expects in every situation a user of your software may encounter?
by biffhenerson May 11, 2009 9:16 AM PDT
LOL! How much are they willing to pay for this rock solid code? Let's see... Microsoft Office would be about $5,000 a copy. Firefox would be $800 per copy rather than free. How about a law that says automobiles can NEVER break down. Or cable TV should never go out. Better yet, how about a law that says that all laws shall have no loopholes. We sink billions into NASA and its very very simple software on-board the shuttle. Yet there are still bugs found. How much does perfect cost? Perhaps it's an infinite cost. Just send the bill to the EU.
by Imalittleteapot May 11, 2009 12:11 PM PDT
Yeah but FF is worth the $800 right? Well maybe it wouldn't be then lol. Who would write the extensions for FF lol?
by pentest May 13, 2009 11:46 AM PDT
A UL-like organization for software is necessary and will eventually happen.

The only programmers I know who are against it are incompetent anyway, and shouldn't be writing code.
by Imalittleteapot May 13, 2009 10:16 PM PDT
Alright since you feel that way this challenge should be easy. Since nobody else has taken it up, perhaps you'll take it. Could you please grace us with a single line of code that's bug free and that'll work properly as the user expects in every situation? Should be easy right? It's just one line right? Software has thousands or millions.

Remember, if I can find a situation where your code doesn't work like the user expects you'll be sued (hypothetically). Wanna play?