The executive branch of the European Union, the European Commission (EC), is considering holding software vendors liable for damages caused as a result of defects in their software products.
Glyn Moody wonders about the impact of this proposal on open source coders. However, as Bruce Schneier, a proponent of the idea, points out:
"Free software wouldn't fall under a liability regime because the writer and the user have no business relationship; they are not seller and buyer. ...
"There would be an industry of companies who provide liabilities for free software. If Red Hat, for example, sold free Linux, they would have to provide some liability protection. Yes, this would mean that they would charge more for Linux; that extra would go to the insurance premiums."
Bruce is correct in pointing out that the writer of free and OSS code and the user of said code have no business relationship. Hence, there is no liability for the writer.
There is absolutely a buyer/seller relationship when a vendor, such as Red Hat, decides to build a business around the OSS code. Adding liability to the software purchase discussion would almost certainly impact the growth of open source vendors.
Since no software vendor can envision and test for every permutation of how their software will be used, liability insurance premiums must be added to the cost of doing business. This added cost would surely be passed on to customers. One could argue that equivalent costs would be added to established and open source vendor list prices alike. On the other hand, established vendors have a lot more paying customers to spread the insurance premiums over. So maybe this proposal would close the list price gap, making it more difficult for open source vendors to grow beyond the startup stage.
Since most open source business models are predicated on providing customer support when a defect does arise, I wonder whether open source vendors would have to reposition their subscription value propositions. I am not a lawyer, but it seems odd that a vendor could sell a subscription offering that assists customers with defect support if the customer could sue the vendor when a defect causes harm to the customer's business.








