Communications - April 2011

Doi: 10.1145/1924421.1924443

technical Perspective
Liability issues in software engineering
By Daniel M. Berry

ThE foLLowInG PAPER by LeMétayer et al. addresses one technical issue in a large and serious problem in the production of mass-market software (MMSW), that of the lack of liability by the producers of this MMSW. MMSW is software that is sold—actually licensed—to the consumer on the open market.

The Introduction puts the prob-
lem in perspective. It points out cor-
rectly that “Software contracts usually
include strong liability limitations or
even exemptions of the providers for
damagesa caused by their products.”
The authors observe correctly that this
lack of liability “does not favor the de-
velopment of high quality software be-
cause the software industry does not
have sufficient economical incentives
to apply stringent development and
verification methods.”
It must be emphasized that the con-
tracts being discussed are for MMSW.
Such a contract is generally in the
form of a shrink-wrapped, or click-yes-
to-buy, end-user license agreement
(EULA), which the customer must agree
to in order to touch or download the
MMSW. This EULA typically says that
the producer warrants only the medi-
um on which the software is supplied
and nothing at all about the software’s
functions, and that the producer’s li-
ability is limited to the cost of the prod-
uct, that is, you get your money back.

While the authors do not explicitly say so, the contracts of the paper do not include those for bespoke software (BSW) developed to do specific functions for one customer who intends to be the sole user of the BSW when it is finished. In the contract for such BSW, the producer promises to deliver specific functions and agrees to be liable should the BSW be delivered late, with functions missing or incorrectly implemented, and so on.

The difference between contracts a The paper uses the word “damages” both as the law does to mean the cost of the effect of a failure and as the vernacular does to mean the harm caused by the use of a product.

for MMSW and contracts for BSW is
the power of the customer in the con-
tract negotiations. For BSW, the cus-
tomer has a lot of power, able to go to
a competitor if it finds that it is nego-
tiating with an unreasonable producer.
For MMSW, the producer dictates the
terms, its lawyers having written the
EULA even before the MMSW is put on
the market. Basically the producer says
to customers “Take it or leave it!”’
The paper cites several calls for
MMSW producers to warrant the be-
havior of their MMSW and to be sub-
ject to liability for the behavior of their
MMSW, as are manufacturers of con-
sumer electro-mechanical devices.
Among these calls was a paper I wrote
in 2000, comparing the warranties for
typical mass-market consumer appli-
ances, such as vacuum cleaners, to the
EULAs for typical MMSW. After observ-
ing that the appliances in my house
were more reliable than the MMSW on
my computers, I concluded that appli-
ance manufacturers warrant and ac-
cept liability because they are required
to do so by law in most jurisdictions and
that MMSW producers warrant nothing
and accept no liability because they are
not required to do so by law and buyers
show that they accept the situation by
continuing to buy existing MMSW.

The following paper contributes a
way to automatically apportion liabil-
ity among the stakeholders of a system
S constructed for the mass market. It
describes the stakeholders of S as in-
cluding the user and the producers of
any of S’s needed hardware, software,
and Internet supplied services. The
paper assumes that all potentially li-
able stakeholders of S have executed
an informal agreement, expressed in
natural language. For each particular
kind of failure of S to deliver promised
behavior, the informal agreement ap-
portions liability among the stakehold-
ers based on the contributions of the
user, hardware, software, and services
to the failure. The informal agreement
is translated into essentially a program
P, written in set theory and predicate
logic. When S fails to deliver promised
behavior and the affected customer
seeks compensation for that failure,
P is executed to compute each liable
stakeholder’s portion of the damages
payable to the customer.

b http://discuss.it.uts.edu.au/pipermail/re- online/2006-January/ 000219.html/

c http://en.wikipedia.org/wiki/Failure_mode_ and_effects_analysis/

References

1. Feature, M.s. rapid application of lightweight formal methods for consistency analyses. Ieee transactions on software engineering 24 (1998). IEEE Computer Society, los alamitos, ca, 949-959.