SlideShare a Scribd company logo

Software liability

Download as PPT, PDF
ALIAS Network
ALIAS Network

This document discusses software and product liability. It examines whether software manufacturers should be held strictly liable for software defects or if negligence standards should apply. It analyzes arguments for and against strict liability, including encouraging risk spreading, compensation of injured parties, and potential negative impacts on innovation. The document also discusses issues like contributory negligence, distinguishing manufacturing vs design defects, liability for security updates, autonomous systems, and open source software. It provides examples of legal cases involving software liability.

Technology
1 of 17
Software and product liability Giuseppe Contissa | European University Institute
Strict liability vs negligence • should software manufacturers be held strictly liable for software defects? • If computer software is deemed to be a service, then a manufacturer is generally not liable in tort, absent some negligent behaviour or intentional misconduct. • If computer software is deemed to be a product, then a manufacturer may be liable under strict liability or negligence. • "aeronautical chart" cases • To date, there are no reported decisions in the United States holding a software vendor liable under a strict liability theory (Scott 2008).
Strict liability (1) • Software manufacturers should be held strictly liable because: • strict liability would encourage risk spreading • strict liability would encourage the manufacturer to purchase products liability insurance, thus passing the cost of the insurance onto the users of the product. (issues: insurance is not easy to obtain, higher prices) • liability under a negligence theory may be unavailable • the injured party, in a negligence action, faces the burden of showing that there was a lack of due care in the design or manufacture of the computer software. • in the more complex and advanced computer software, it may be extremely difficult for a consumer or user of the computer software to identify the lack of due care by the manufacturer which was responsible for the defect.
Strict liability (2) • Software manufacturers should be held strictly liable because: • strict liability forces manufacturers to take precautions before marketing their product • Manufacturer are in the best position to know all potential defects and potential harms that their products might cause. Forcing manufacturers to pay for personal injuries created by software defects will encourage them to be more careful. • injured party will be adequately compensated • the application of strict liability to computer software defects would ensure that injured plaintiffs receive adequate compensation for their injuries, especially in fields such ATM, where defective computer software may result in serious personal injury or death. • manufacturer makes a representation of product safety • implicit in a product's presence on the market is a representation that the product will safely do the jobs for which it was built. By placing the computer software on the market, the computer software manufacturer should be forced to assume liability for any injury caused by the computer software which was unreasonably dangerous
negligence • Software manufacturers should NOT be held strictly liable because: • strict liability will cause an undue burden upon computer software manufacturers • it is essential to balance the need for the adoption of softwares and automation with the risk involved in their malfunctions. In balancing the need versus the harm, it is crucial to look at the costs and risk of damage had the computer program not been used, and if there are other efficient and safe methods of carrying out the same function. • strict products liability would hamper innovation • Implementation of strict products liability would discourage the research and development of potentially life saving / safety enhancing / efficient software. If computer software manufacturers were to face strict liability for defects in computer software which they did not know about and could not prevent, many manufacturers would discontinue "cutting edge" ventures
Contributory negligence • Contributory negligence or victim fault should be recognized in all cases of liability, both fault and strict: • An efficient liability rule would require that the operator bear the cost of avoidable harm, (avoidable by due care), excluding those harms that victims can prevent more cheaply (Calabresi -cheapest cost avoider) • If contributory negligence is not a defense, then any liability rule is potentially inefficient (Bergkamp)
Manufacturing defects vs. design defects • is a software bug a manufacturing defect or a design defect? • A manufacturing defect is one that differs from the intended result of the manufacturer or from other identical items of the same production line (production flaw) • A design defect, instead, exists where the product is designed in such a way that it carries an inherent risk of harm in normal use. • Strict products liability is equally applicable to both manufacturing defects and design defects, although it is often easier to apply strict products liability to a manufacturing defect. • Design defect has higher burden of proof (reasonable alternative design, level of expected safety) • State of the art defence • "risk/utility” test (B < PL)
software liability in relation to patches and updates • Is there a responsibility for failure to check adequately for bugs? • manufacturers’s responsibilities would include carefully formulating the design of the software to prevent vulnerabilities that can be exploited by hackers and other third parties, properly implementing the design in code, thoroughly testing the code to expose any vulnerabilities, and revising the code to remove the vulnerabilities before releasing the software to the public. • Is the developer responsible for providing a patch/update? Is there a user's contributory negligence? • Usually, many of these errors are discovered only after the software has been distributed. Three software liability policies has been investigated (in relation to security): 2. Loss Liability Policies, where the software vendor/manufacturer is liable to partially or fully compensate users’ losses incurred in case of attack/damage 3. Patch Liability Policies, where the software vendor/manufacturer is held liable to compensate patching costs incurred by users if a vulnerability/error is discovered before the damage is produced 4. Security Standards Policies, where regulation enforces a certain standard of security to be achieved by the vendor/manufacturer during software development to mitigate security vulnerabilities.
liability and autonomous software • In certain circumstances, when a damage is caused by the use of defective autonomous software/automated systems, human operators (e.g. pilots) should be shielded from liability because they are relying on automated systems to fulfill their tasks (e.g. GPS/autopilots to guide them to the correct destination). • However, if no design/manufacturing defects are detected, the user would be responsible under (a sort of) vicarious liability, rather than liability of the custodian. • Therefore, in analogy with vicarious liability, when software's performances are below a certain standard, the user would be liable even if he was not negligent. • In this scenario, what would be the appropriate standard to be taken into account? Maybe, the level of care that would be expected from a human being executing the same task delegated to the autonomous system.
liability for open source software • The peculiar characteristic of open source software is that it is distributed under the form of source code, while the distribution of the executable code is only optional. • In such a case, should liability be framed as liability for misleading/inaccurate/wrong information? • In the US, providers of items containing certain forms of “information” have been exempted from strict product liability, even in cases where the item in question has been mass produced (Book Cases).
Law and economics analysis • Law and economics models help us to analyse the effect of liability on incentives • whether to engage in activities • how much care to exercise to reduce risk when doing so • Cost internalization theory: 5.It creates incentives to prevent damages taking care (preventive measures to reduce risk) 6.It would further risk (or loss) spreading 7.It would cause the price of activities to increase, resulting in lower activity levels
Liability for accidents (Shavell): optimal care • Let x be expenditures on care (or the value of effort devoted to it) and p(x) be the probability of an accident that causes harm h (p decreases when x increases). • Assume that the social objective is to minimize total expected costs, x + p(x)h, and let x∗ denote the optimal x. • under both forms of liability, strict liability and the negligence rule, injurers are induced to take optimal care (x∗ ). • a regime of strict liability with contributory negligence induces the socially optimal level of care by both parties.
Liability for accidents (Shavell): level of activity • Let z be the level of activity • Let b(z) be the injurer’s benefit from the activity, (b increases when z increases) • z(x + p(x)h) is the total cost of care and expected harm given z • Under strict liability, an injurer will choose both the optimal level of care x∗ and the optimal level of activity z∗, as his objective is the same as the social objective, to maximize b(z) − z(x + p(x)h) • Under the negligence rule, an injurer will choose optimal care x∗, but his level of activity z will be socially excessive. • The explanation for the excessive level of activity is that the injurer’s cost of raising his level of activity is only his cost of care x∗ , which is less than the social cost, as that also includes p(x∗ )h. • Open issue: burden of proof
Software liability • intrinsic software (user does not interact directly with the software, e.g software embedded in planes or automobiles) • extrinsic software (pc application) • intrinsic and extrinsic software may be key to a socially efficient liability regime, because the economic theory of product liability law prescribes the assignment of liability to the party who controls the risk • strict liability rule may not be socially optimal for extrinsic software, because it would not induce the consumer to exercise due care in the installation, operation, and use of the software
Software liability in ATM: Überlingen (1) • First Instance Court N. 34 of Barcelona, Spain (2010) • plaintiffs representing thirty-one (31) of the Russian passengers (Bashkirian Airlines Flight 2937) • Defendants: The manufacturers of the TCAS, Honeywell International, Inc. (“Honeywell”) and Aviation Communication & Surveillance Systems (“ACSS”) • the Spanish Court found that two alleged defects of the TCAS had not been proven: (1) the alleged fault in the RA Reversal system; and (2) the alleged existence of a new version of TCAS software available to correct the claimed problems of the earlier version that defendants had failed to implement. • However, the Court did find that plaintiff had proven a third alleged defect, i.e., that the TCAS II Pilot’s Guide failed to clearly set forth the priority of TCAS advisories over conflicting air traffic control orders.
Software liability in ATM: Überlingen (2) • Product Liability • "[T]he lack of adequate instructions and warnings in the defendants’ TCAS Pilot’s Guide […] contributed towards the Tupolev pilot’s error that caused the accident and, accordingly, we can conclude that this information defect contributed substantially to the damage, being part of one of its causes. For this reason, the defendants shall be liable for the damages caused." • The Court rejected plaintiffs’ claims for survival damages. The Court also rejected plaintiffs’ claims for punitive damages. • The Court found that Honeywell was not liable for non-monetary damages • ACSS was liable for non-monetary damages ($5,991,501) • plaintiffs were awarded a total of $10,459,810.50 in damages for the deaths of 30 persons, including $6,723,639.45 as to ACSS and $3,736,171.05 as to Honeywell13 – an average of $348,660.35 per decedent. The decision is currently subject to appeal.
Software liability in ATM: Überlingen • “Forum shopping” • 22nd Convention on the Law Applicable to Products Liability, signed in The Hague on October 2, 1973 • currently in force in 11 European countries (Spain, France, the Netherlands, Croatia, Finland, Luxembourg, Montenegro, Norway, Serbia, Slovenia, and FYROM) (6 of them are also party of Rome II) • Article 6 applies the law of the manufacturer's principal place of business unless the claimant bases his claim on the law of the place of injury. • Article 11 establishes that there is no requirement for the Convention to have been adopted by the country to whose law Articles 6 points. • On these grounds judges applied apply Arizona law for ACSS and New Jersey law for Honeywell.

Recommended

Computer misuse and criminal law
Computer misuse and criminal lawComputer misuse and criminal law
Computer misuse and criminal law
Zaheer Irshad
 
6 software contracts
6 software contracts6 software contracts
6 software contracts
Saqib Raza
 
anatomy of a sw house
anatomy of a sw houseanatomy of a sw house
anatomy of a sw house
Hamza Cheema
 
intellectual property rights
intellectual property rights intellectual property rights
intellectual property rights
Hamza Cheema
 
ACM code of ethics
ACM code of ethicsACM code of ethics
ACM code of ethics
Muhammad Haroon
 
Frame Work of Employee Relation Law , Lahore Garrison University
Frame Work of Employee Relation Law , Lahore Garrison UniversityFrame Work of Employee Relation Law , Lahore Garrison University
Frame Work of Employee Relation Law , Lahore Garrison University
touseefaq3
 
01 computing
01 computing01 computing
01 computing
Sulman Ahmed
 
Professional ethics in_computing
Professional ethics in_computingProfessional ethics in_computing
Professional ethics in_computing
Uc Man
 

Recommended

Computer misuse and criminal law
Computer misuse and criminal lawComputer misuse and criminal law
Computer misuse and criminal law
Zaheer Irshad
 
6 software contracts
6 software contracts6 software contracts
6 software contracts
Saqib Raza
 
anatomy of a sw house
anatomy of a sw houseanatomy of a sw house
anatomy of a sw house
Hamza Cheema
 
intellectual property rights
intellectual property rights intellectual property rights
intellectual property rights
Hamza Cheema
 
ACM code of ethics
ACM code of ethicsACM code of ethics
ACM code of ethics
Muhammad Haroon
 
Frame Work of Employee Relation Law , Lahore Garrison University
Frame Work of Employee Relation Law , Lahore Garrison UniversityFrame Work of Employee Relation Law , Lahore Garrison University
Frame Work of Employee Relation Law , Lahore Garrison University
touseefaq3
 
01 computing
01 computing01 computing
01 computing
Sulman Ahmed
 
Professional ethics in_computing
Professional ethics in_computingProfessional ethics in_computing
Professional ethics in_computing
Uc Man
 
IEEE Code Of Conduct/Ethics
IEEE Code Of Conduct/EthicsIEEE Code Of Conduct/Ethics
IEEE Code Of Conduct/Ethics
Muhammad Amjad Rana
 
Software Engineering Code Of Ethics And Professional Practice
Software Engineering Code Of Ethics And Professional Practice Software Engineering Code Of Ethics And Professional Practice
Software Engineering Code Of Ethics And Professional Practice
Saqib Raza
 
Ethics and computing profession
Ethics and computing professionEthics and computing profession
Ethics and computing profession
shahmansoor109
 
computer misuse n criminal law
computer misuse n criminal lawcomputer misuse n criminal law
computer misuse n criminal law
Hamza Cheema
 
Chapter 1: Professional Issues in Software Engineering
Chapter 1: Professional Issues in Software Engineering Chapter 1: Professional Issues in Software Engineering
Chapter 1: Professional Issues in Software Engineering
Qarshi University, PUCIT - Punjab University College of Information Technology
 
Codes of ethics
Codes of ethicsCodes of ethics
Codes of ethicsEyelean xilef
 
System Analysis and Design
System Analysis and DesignSystem Analysis and Design
System Analysis and Design
Aamir Abbas
 
Need for Software Engineering
Need for Software EngineeringNeed for Software Engineering
Need for Software Engineering
Upekha Vandebona
 
Computer Miss-use and Criminal Law
Computer Miss-use and Criminal Law Computer Miss-use and Criminal Law
Computer Miss-use and Criminal Law
sohaildanish
 
Professional Ethics of IT
Professional Ethics of ITProfessional Ethics of IT
Professional Ethics of IT
Maria Stella Solon
 
Clientserver Presentation
Clientserver PresentationClientserver Presentation
Clientserver PresentationTuhin_Das
 
Ieee code of ethics
Ieee code of ethicsIeee code of ethics
Ieee code of ethics
Waqar Ahmad
 
Ethics in-information-security
Ethics in-information-securityEthics in-information-security
Ethics in-information-security
Milinda Wickramasinghe
 
Professional societies
Professional societiesProfessional societies
Professional societies
Sulman Ahmed
 
20CS2024 Ethics in Information Technology
20CS2024 Ethics in Information Technology20CS2024 Ethics in Information Technology
20CS2024 Ethics in Information Technology
Kathirvel Ayyaswamy
 
Accountability And Auditing In Professional Practice
Accountability And Auditing In Professional PracticeAccountability And Auditing In Professional Practice
Accountability And Auditing In Professional Practice
Syed Hassan Ali
 
Software Liability.pptx
Software Liability.pptxSoftware Liability.pptx
Software Liability.pptx
RaeesKhan691281
 
System Modelling
System ModellingSystem Modelling
System Modelling
Jennifer Polack
 
The ethics of software engineering
The ethics of software engineeringThe ethics of software engineering
The ethics of software engineering
jndatirwa
 
Ethics in computing
Ethics in computingEthics in computing
Ethics in computingLakshan Bamunusinghe
 
Legal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity VulnerabilitiesLegal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity Vulnerabilities
Priyanka Aash
 
Blog powerpoint
Blog powerpointBlog powerpoint
Blog powerpointLonda77
 

More Related Content

What's hot

IEEE Code Of Conduct/Ethics
IEEE Code Of Conduct/EthicsIEEE Code Of Conduct/Ethics
IEEE Code Of Conduct/Ethics
Muhammad Amjad Rana
 
Software Engineering Code Of Ethics And Professional Practice
Software Engineering Code Of Ethics And Professional Practice Software Engineering Code Of Ethics And Professional Practice
Software Engineering Code Of Ethics And Professional Practice
Saqib Raza
 
Ethics and computing profession
Ethics and computing professionEthics and computing profession
Ethics and computing profession
shahmansoor109
 
computer misuse n criminal law
computer misuse n criminal lawcomputer misuse n criminal law
computer misuse n criminal law
Hamza Cheema
 
System Analysis and Design
System Analysis and DesignSystem Analysis and Design
System Analysis and Design
Aamir Abbas
 
Need for Software Engineering
Need for Software EngineeringNeed for Software Engineering
Need for Software Engineering
Upekha Vandebona
 
Computer Miss-use and Criminal Law
Computer Miss-use and Criminal Law Computer Miss-use and Criminal Law
Computer Miss-use and Criminal Law
sohaildanish
 
Professional Ethics of IT
Professional Ethics of ITProfessional Ethics of IT
Professional Ethics of IT
Maria Stella Solon
 
Clientserver Presentation
Clientserver PresentationClientserver Presentation
Clientserver PresentationTuhin_Das
 
Ieee code of ethics
Ieee code of ethicsIeee code of ethics
Ieee code of ethics
Waqar Ahmad
 
Ethics in-information-security
Ethics in-information-securityEthics in-information-security
Ethics in-information-security
Milinda Wickramasinghe
 
Professional societies
Professional societiesProfessional societies
Professional societies
Sulman Ahmed
 
20CS2024 Ethics in Information Technology
20CS2024 Ethics in Information Technology20CS2024 Ethics in Information Technology
20CS2024 Ethics in Information Technology
Kathirvel Ayyaswamy
 
Accountability And Auditing In Professional Practice
Accountability And Auditing In Professional PracticeAccountability And Auditing In Professional Practice
Accountability And Auditing In Professional Practice
Syed Hassan Ali
 
Software Liability.pptx
Software Liability.pptxSoftware Liability.pptx
Software Liability.pptx
RaeesKhan691281
 
System Modelling
System ModellingSystem Modelling
System Modelling
Jennifer Polack
 
The ethics of software engineering
The ethics of software engineeringThe ethics of software engineering
The ethics of software engineering
jndatirwa
 

What's hot (20)

IEEE Code Of Conduct/Ethics
IEEE Code Of Conduct/EthicsIEEE Code Of Conduct/Ethics
IEEE Code Of Conduct/Ethics
 
Software Engineering Code Of Ethics And Professional Practice
Software Engineering Code Of Ethics And Professional Practice Software Engineering Code Of Ethics And Professional Practice
Software Engineering Code Of Ethics And Professional Practice
 
Ethics and computing profession
Ethics and computing professionEthics and computing profession
Ethics and computing profession
 
computer misuse n criminal law
computer misuse n criminal lawcomputer misuse n criminal law
computer misuse n criminal law
 
Chapter 1: Professional Issues in Software Engineering
Chapter 1: Professional Issues in Software Engineering Chapter 1: Professional Issues in Software Engineering
Chapter 1: Professional Issues in Software Engineering
 
Codes of ethics
Codes of ethicsCodes of ethics
Codes of ethics
 
System Analysis and Design
System Analysis and DesignSystem Analysis and Design
System Analysis and Design
 
Need for Software Engineering
Need for Software EngineeringNeed for Software Engineering
Need for Software Engineering
 
Computer Miss-use and Criminal Law
Computer Miss-use and Criminal Law Computer Miss-use and Criminal Law
Computer Miss-use and Criminal Law
 
Professional Ethics of IT
Professional Ethics of ITProfessional Ethics of IT
Professional Ethics of IT
 
Clientserver Presentation
Clientserver PresentationClientserver Presentation
Clientserver Presentation
 
Ieee code of ethics
Ieee code of ethicsIeee code of ethics
Ieee code of ethics
 
Ethics in-information-security
Ethics in-information-securityEthics in-information-security
Ethics in-information-security
 
Professional societies
Professional societiesProfessional societies
Professional societies
 
20CS2024 Ethics in Information Technology
20CS2024 Ethics in Information Technology20CS2024 Ethics in Information Technology
20CS2024 Ethics in Information Technology
 
Accountability And Auditing In Professional Practice
Accountability And Auditing In Professional PracticeAccountability And Auditing In Professional Practice
Accountability And Auditing In Professional Practice
 
Software Liability.pptx
Software Liability.pptxSoftware Liability.pptx
Software Liability.pptx
 
System Modelling
System ModellingSystem Modelling
System Modelling
 
The ethics of software engineering
The ethics of software engineeringThe ethics of software engineering
The ethics of software engineering
 
Ethics in computing
Ethics in computingEthics in computing
Ethics in computing
 

Similar to Software liability

Legal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity VulnerabilitiesLegal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity Vulnerabilities
Priyanka Aash
 
Blog powerpoint
Blog powerpointBlog powerpoint
Blog powerpointLonda77
 
Liability Issues in Autonomous and Semi-Autonomous Systems
Liability Issues in Autonomous and Semi-Autonomous SystemsLiability Issues in Autonomous and Semi-Autonomous Systems
Liability Issues in Autonomous and Semi-Autonomous Systems
John Buyers
 
professional Issues in COmputer science and Engineering
professional Issues in COmputer science and Engineeringprofessional Issues in COmputer science and Engineering
professional Issues in COmputer science and Engineering
Mohibullah Saail
 
20cs2024 Ethics in Information Technology
20cs2024 Ethics in Information Technology20cs2024 Ethics in Information Technology
20cs2024 Ethics in Information Technology
Kathirvel Ayyaswamy
 
Safety and risk
Safety and riskSafety and risk
Safety and risk
SKS
 
7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTED7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTED
bugcrowd
 
1606125427-week8.pptx
1606125427-week8.pptx1606125427-week8.pptx
1606125427-week8.pptx
SumbalIlyas1
 
Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016
Black Duck by Synopsys
 
Marketing of services Australian Education
Marketing of services Australian EducationMarketing of services Australian Education
Marketing of services Australian Education
Sourav Biswas
 
JavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaJavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for Java
Chris Bailey
 
Ethics and TechnologyACM Code of Ethics Project Guidelines.docx
Ethics and TechnologyACM Code of Ethics Project Guidelines.docxEthics and TechnologyACM Code of Ethics Project Guidelines.docx
Ethics and TechnologyACM Code of Ethics Project Guidelines.docx
SANSKAR20
 
Project Planning and Management.pptx
Project Planning and Management.pptxProject Planning and Management.pptx
Project Planning and Management.pptx
vishnupriyapm4
 
Secure Engineering Practices for Java
Secure Engineering Practices for JavaSecure Engineering Practices for Java
Secure Engineering Practices for Java
Tim Ellison
 
MIT520 software architecture assignments (2012) - 1
MIT520 software architecture assignments (2012) - 1MIT520 software architecture assignments (2012) - 1
MIT520 software architecture assignments (2012) - 1
Yudep Apoi
 
Owasp_Security_Labeling_System
Owasp_Security_Labeling_SystemOwasp_Security_Labeling_System
Owasp_Security_Labeling_SystemluisenriquezA
 
Ethical consideration in open source software
Ethical consideration in open source softwareEthical consideration in open source software
Ethical consideration in open source softwareaamatya
 
Ethical consideration in open source software
Ethical consideration in open source softwareEthical consideration in open source software
Ethical consideration in open source software
aamatya
 
Computrace Laptop Security Solutions
Computrace Laptop Security SolutionsComputrace Laptop Security Solutions
Computrace Laptop Security Solutions
abe8512000
 

Similar to Software liability (20)

Legal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity VulnerabilitiesLegal Liability for IOT Cybersecurity Vulnerabilities
Legal Liability for IOT Cybersecurity Vulnerabilities
 
Blog powerpoint
Blog powerpointBlog powerpoint
Blog powerpoint
 
Liability Issues in Autonomous and Semi-Autonomous Systems
Liability Issues in Autonomous and Semi-Autonomous SystemsLiability Issues in Autonomous and Semi-Autonomous Systems
Liability Issues in Autonomous and Semi-Autonomous Systems
 
professional Issues in COmputer science and Engineering
professional Issues in COmputer science and Engineeringprofessional Issues in COmputer science and Engineering
professional Issues in COmputer science and Engineering
 
20cs2024 Ethics in Information Technology
20cs2024 Ethics in Information Technology20cs2024 Ethics in Information Technology
20cs2024 Ethics in Information Technology
 
Safety and risk
Safety and riskSafety and risk
Safety and risk
 
7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTED7 Bug Bounty Myths, BUSTED
7 Bug Bounty Myths, BUSTED
 
Reliability
ReliabilityReliability
Reliability
 
1606125427-week8.pptx
1606125427-week8.pptx1606125427-week8.pptx
1606125427-week8.pptx
 
Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016Open Source Outlook: Expected Developments for 2016
Open Source Outlook: Expected Developments for 2016
 
Marketing of services Australian Education
Marketing of services Australian EducationMarketing of services Australian Education
Marketing of services Australian Education
 
JavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for JavaJavaOne2013: Secure Engineering Practices for Java
JavaOne2013: Secure Engineering Practices for Java
 
Ethics and TechnologyACM Code of Ethics Project Guidelines.docx
Ethics and TechnologyACM Code of Ethics Project Guidelines.docxEthics and TechnologyACM Code of Ethics Project Guidelines.docx
Ethics and TechnologyACM Code of Ethics Project Guidelines.docx
 
Project Planning and Management.pptx
Project Planning and Management.pptxProject Planning and Management.pptx
Project Planning and Management.pptx
 
Secure Engineering Practices for Java
Secure Engineering Practices for JavaSecure Engineering Practices for Java
Secure Engineering Practices for Java
 
MIT520 software architecture assignments (2012) - 1
MIT520 software architecture assignments (2012) - 1MIT520 software architecture assignments (2012) - 1
MIT520 software architecture assignments (2012) - 1
 
Owasp_Security_Labeling_System
Owasp_Security_Labeling_SystemOwasp_Security_Labeling_System
Owasp_Security_Labeling_System
 
Ethical consideration in open source software
Ethical consideration in open source softwareEthical consideration in open source software
Ethical consideration in open source software
 
Ethical consideration in open source software
Ethical consideration in open source softwareEthical consideration in open source software
Ethical consideration in open source software
 
Computrace Laptop Security Solutions
Computrace Laptop Security SolutionsComputrace Laptop Security Solutions
Computrace Laptop Security Solutions
 

More from ALIAS Network

Paola Tomasello - Liabilities of Remotely Piloted Aircraft Systems (RPAS): th...
Paola Tomasello - Liabilities of Remotely Piloted Aircraft Systems (RPAS): th...Paola Tomasello - Liabilities of Remotely Piloted Aircraft Systems (RPAS): th...
Paola Tomasello - Liabilities of Remotely Piloted Aircraft Systems (RPAS): th...
ALIAS Network
 
Luca Falessi - the caa perspective on the future of atm
Luca Falessi - the caa perspective on the future of atmLuca Falessi - the caa perspective on the future of atm
Luca Falessi - the caa perspective on the future of atm
ALIAS Network
 
Ken Carpenter - application of legal case to acas x
Ken Carpenter - application of legal case to acas xKen Carpenter - application of legal case to acas x
Ken Carpenter - application of legal case to acas x
ALIAS Network
 
Ken Carpenter - a new generation of airborne collision avoidance systems acas x
Ken Carpenter - a new generation of airborne collision avoidance systems acas xKen Carpenter - a new generation of airborne collision avoidance systems acas x
Ken Carpenter - a new generation of airborne collision avoidance systems acas x
ALIAS Network
 
Damiano Taurino - operational usages and regulatory framework of rpas
Damiano Taurino - operational usages and regulatory framework of rpasDamiano Taurino - operational usages and regulatory framework of rpas
Damiano Taurino - operational usages and regulatory framework of rpas
ALIAS Network
 
Anthony Smoker - the ifatca perspective on the future of atm
Anthony Smoker - the ifatca perspective on the future of atmAnthony Smoker - the ifatca perspective on the future of atm
Anthony Smoker - the ifatca perspective on the future of atm
ALIAS Network
 
Anthony Smoker - the atcos perspective on RPAS: The IFATCA view
Anthony Smoker - the atcos perspective on RPAS: The IFATCA viewAnthony Smoker - the atcos perspective on RPAS: The IFATCA view
Anthony Smoker - the atcos perspective on RPAS: The IFATCA view
ALIAS Network
 
Dennis Shomko - rpas industry perspective: who’s in charge?
Dennis Shomko - rpas industry perspective: who’s in charge?Dennis Shomko - rpas industry perspective: who’s in charge?
Dennis Shomko - rpas industry perspective: who’s in charge?
ALIAS Network
 
Roger Sethsson - insurance perspective on automation and innovation in aviation
Roger Sethsson - insurance perspective on automation and innovation in aviationRoger Sethsson - insurance perspective on automation and innovation in aviation
Roger Sethsson - insurance perspective on automation and innovation in aviation
ALIAS Network
 
Luca Save - a human factors perspective: the loat
Luca Save - a human factors perspective: the loatLuca Save - a human factors perspective: the loat
Luca Save - a human factors perspective: the loat
ALIAS Network
 
Giovanni Sartor - addressing legal and social aspects the alias project
Giovanni Sartor - addressing legal and social aspects the alias projectGiovanni Sartor - addressing legal and social aspects the alias project
Giovanni Sartor - addressing legal and social aspects the alias project
ALIAS Network
 
Amedeo Santosuosso - judicial approaches on rpas
Amedeo Santosuosso - judicial approaches on rpasAmedeo Santosuosso - judicial approaches on rpas
Amedeo Santosuosso - judicial approaches on rpas
ALIAS Network
 
Alfredo Roma - addressing liabilities with rpas
Alfredo Roma - addressing liabilities with rpasAlfredo Roma - addressing liabilities with rpas
Alfredo Roma - addressing liabilities with rpas
ALIAS Network
 
Stefano Prola - IATA input in alias legal case
Stefano Prola - IATA input in alias legal caseStefano Prola - IATA input in alias legal case
Stefano Prola - IATA input in alias legal case
ALIAS Network
 
Carolina Rius Alarco - liabilities and automation in aviation - rpas
Carolina Rius Alarco - liabilities and automation in aviation - rpasCarolina Rius Alarco - liabilities and automation in aviation - rpas
Carolina Rius Alarco - liabilities and automation in aviation - rpas
ALIAS Network
 
Marc Bourgois - experience from long-term and innovative research
Marc Bourgois - experience from long-term and innovative researchMarc Bourgois - experience from long-term and innovative research
Marc Bourgois - experience from long-term and innovative research
ALIAS Network
 
Maurizio Mancini - the ansp perspective
Maurizio Mancini - the ansp perspectiveMaurizio Mancini - the ansp perspective
Maurizio Mancini - the ansp perspective
ALIAS Network
 
Hanna Schebesta - test application results
Hanna Schebesta - test application resultsHanna Schebesta - test application results
Hanna Schebesta - test application results
ALIAS Network
 
Pierpaolo Gori - elements of regulation on remotely piloted aircraft systems
Pierpaolo Gori - elements of regulation on remotely piloted aircraft systemsPierpaolo Gori - elements of regulation on remotely piloted aircraft systems
Pierpaolo Gori - elements of regulation on remotely piloted aircraft systems
ALIAS Network
 
Giuseppe Contissa - the legal case
Giuseppe Contissa - the legal caseGiuseppe Contissa - the legal case
Giuseppe Contissa - the legal case
ALIAS Network
 

More from ALIAS Network (20)

Paola Tomasello - Liabilities of Remotely Piloted Aircraft Systems (RPAS): th...
Paola Tomasello - Liabilities of Remotely Piloted Aircraft Systems (RPAS): th...Paola Tomasello - Liabilities of Remotely Piloted Aircraft Systems (RPAS): th...
Paola Tomasello - Liabilities of Remotely Piloted Aircraft Systems (RPAS): th...
 
Luca Falessi - the caa perspective on the future of atm
Luca Falessi - the caa perspective on the future of atmLuca Falessi - the caa perspective on the future of atm
Luca Falessi - the caa perspective on the future of atm
 
Ken Carpenter - application of legal case to acas x
Ken Carpenter - application of legal case to acas xKen Carpenter - application of legal case to acas x
Ken Carpenter - application of legal case to acas x
 
Ken Carpenter - a new generation of airborne collision avoidance systems acas x
Ken Carpenter - a new generation of airborne collision avoidance systems acas xKen Carpenter - a new generation of airborne collision avoidance systems acas x
Ken Carpenter - a new generation of airborne collision avoidance systems acas x
 
Damiano Taurino - operational usages and regulatory framework of rpas
Damiano Taurino - operational usages and regulatory framework of rpasDamiano Taurino - operational usages and regulatory framework of rpas
Damiano Taurino - operational usages and regulatory framework of rpas
 
Anthony Smoker - the ifatca perspective on the future of atm
Anthony Smoker - the ifatca perspective on the future of atmAnthony Smoker - the ifatca perspective on the future of atm
Anthony Smoker - the ifatca perspective on the future of atm
 
Anthony Smoker - the atcos perspective on RPAS: The IFATCA view
Anthony Smoker - the atcos perspective on RPAS: The IFATCA viewAnthony Smoker - the atcos perspective on RPAS: The IFATCA view
Anthony Smoker - the atcos perspective on RPAS: The IFATCA view
 
Dennis Shomko - rpas industry perspective: who’s in charge?
Dennis Shomko - rpas industry perspective: who’s in charge?Dennis Shomko - rpas industry perspective: who’s in charge?
Dennis Shomko - rpas industry perspective: who’s in charge?
 
Roger Sethsson - insurance perspective on automation and innovation in aviation
Roger Sethsson - insurance perspective on automation and innovation in aviationRoger Sethsson - insurance perspective on automation and innovation in aviation
Roger Sethsson - insurance perspective on automation and innovation in aviation
 
Luca Save - a human factors perspective: the loat
Luca Save - a human factors perspective: the loatLuca Save - a human factors perspective: the loat
Luca Save - a human factors perspective: the loat
 
Giovanni Sartor - addressing legal and social aspects the alias project
Giovanni Sartor - addressing legal and social aspects the alias projectGiovanni Sartor - addressing legal and social aspects the alias project
Giovanni Sartor - addressing legal and social aspects the alias project
 
Amedeo Santosuosso - judicial approaches on rpas
Amedeo Santosuosso - judicial approaches on rpasAmedeo Santosuosso - judicial approaches on rpas
Amedeo Santosuosso - judicial approaches on rpas
 
Alfredo Roma - addressing liabilities with rpas
Alfredo Roma - addressing liabilities with rpasAlfredo Roma - addressing liabilities with rpas
Alfredo Roma - addressing liabilities with rpas
 
Stefano Prola - IATA input in alias legal case
Stefano Prola - IATA input in alias legal caseStefano Prola - IATA input in alias legal case
Stefano Prola - IATA input in alias legal case
 
Carolina Rius Alarco - liabilities and automation in aviation - rpas
Carolina Rius Alarco - liabilities and automation in aviation - rpasCarolina Rius Alarco - liabilities and automation in aviation - rpas
Carolina Rius Alarco - liabilities and automation in aviation - rpas
 
Marc Bourgois - experience from long-term and innovative research
Marc Bourgois - experience from long-term and innovative researchMarc Bourgois - experience from long-term and innovative research
Marc Bourgois - experience from long-term and innovative research
 
Maurizio Mancini - the ansp perspective
Maurizio Mancini - the ansp perspectiveMaurizio Mancini - the ansp perspective
Maurizio Mancini - the ansp perspective
 
Hanna Schebesta - test application results
Hanna Schebesta - test application resultsHanna Schebesta - test application results
Hanna Schebesta - test application results
 
Pierpaolo Gori - elements of regulation on remotely piloted aircraft systems
Pierpaolo Gori - elements of regulation on remotely piloted aircraft systemsPierpaolo Gori - elements of regulation on remotely piloted aircraft systems
Pierpaolo Gori - elements of regulation on remotely piloted aircraft systems
 
Giuseppe Contissa - the legal case
Giuseppe Contissa - the legal caseGiuseppe Contissa - the legal case
Giuseppe Contissa - the legal case
 

Recently uploaded

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
Neo4j
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
Alan Dix
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
Alex Pruden
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Nexer Digital
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
Safe Software
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 

Recently uploaded (20)

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
GraphSummit Singapore | Enhancing Changi Airport Group's Passenger Experience...
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Epistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI supportEpistemic Interaction - tuning interfaces to provide information for AI support
Epistemic Interaction - tuning interfaces to provide information for AI support
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex ProofszkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
zkStudyClub - Reef: Fast Succinct Non-Interactive Zero-Knowledge Regex Proofs
 
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionGenerative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FMEEssentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Pushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 daysPushing the limits of ePRTC: 100ns holdover for 100 days
Pushing the limits of ePRTC: 100ns holdover for 100 days
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 

Software liability

  • 1. Software and product liability Giuseppe Contissa | European University Institute
  • 2. Strict liability vs negligence • should software manufacturers be held strictly liable for software defects? • If computer software is deemed to be a service, then a manufacturer is generally not liable in tort, absent some negligent behaviour or intentional misconduct. • If computer software is deemed to be a product, then a manufacturer may be liable under strict liability or negligence. • "aeronautical chart" cases • To date, there are no reported decisions in the United States holding a software vendor liable under a strict liability theory (Scott 2008).
  • 3. Strict liability (1) • Software manufacturers should be held strictly liable because: • strict liability would encourage risk spreading • strict liability would encourage the manufacturer to purchase products liability insurance, thus passing the cost of the insurance onto the users of the product. (issues: insurance is not easy to obtain, higher prices) • liability under a negligence theory may be unavailable • the injured party, in a negligence action, faces the burden of showing that there was a lack of due care in the design or manufacture of the computer software. • in the more complex and advanced computer software, it may be extremely difficult for a consumer or user of the computer software to identify the lack of due care by the manufacturer which was responsible for the defect.
  • 4. Strict liability (2) • Software manufacturers should be held strictly liable because: • strict liability forces manufacturers to take precautions before marketing their product • Manufacturer are in the best position to know all potential defects and potential harms that their products might cause. Forcing manufacturers to pay for personal injuries created by software defects will encourage them to be more careful. • injured party will be adequately compensated • the application of strict liability to computer software defects would ensure that injured plaintiffs receive adequate compensation for their injuries, especially in fields such ATM, where defective computer software may result in serious personal injury or death. • manufacturer makes a representation of product safety • implicit in a product's presence on the market is a representation that the product will safely do the jobs for which it was built. By placing the computer software on the market, the computer software manufacturer should be forced to assume liability for any injury caused by the computer software which was unreasonably dangerous
  • 5. negligence • Software manufacturers should NOT be held strictly liable because: • strict liability will cause an undue burden upon computer software manufacturers • it is essential to balance the need for the adoption of softwares and automation with the risk involved in their malfunctions. In balancing the need versus the harm, it is crucial to look at the costs and risk of damage had the computer program not been used, and if there are other efficient and safe methods of carrying out the same function. • strict products liability would hamper innovation • Implementation of strict products liability would discourage the research and development of potentially life saving / safety enhancing / efficient software. If computer software manufacturers were to face strict liability for defects in computer software which they did not know about and could not prevent, many manufacturers would discontinue "cutting edge" ventures
  • 6. Contributory negligence • Contributory negligence or victim fault should be recognized in all cases of liability, both fault and strict: • An efficient liability rule would require that the operator bear the cost of avoidable harm, (avoidable by due care), excluding those harms that victims can prevent more cheaply (Calabresi -cheapest cost avoider) • If contributory negligence is not a defense, then any liability rule is potentially inefficient (Bergkamp)
  • 7. Manufacturing defects vs. design defects • is a software bug a manufacturing defect or a design defect? • A manufacturing defect is one that differs from the intended result of the manufacturer or from other identical items of the same production line (production flaw) • A design defect, instead, exists where the product is designed in such a way that it carries an inherent risk of harm in normal use. • Strict products liability is equally applicable to both manufacturing defects and design defects, although it is often easier to apply strict products liability to a manufacturing defect. • Design defect has higher burden of proof (reasonable alternative design, level of expected safety) • State of the art defence • "risk/utility” test (B < PL)
  • 8. software liability in relation to patches and updates • Is there a responsibility for failure to check adequately for bugs? • manufacturers’s responsibilities would include carefully formulating the design of the software to prevent vulnerabilities that can be exploited by hackers and other third parties, properly implementing the design in code, thoroughly testing the code to expose any vulnerabilities, and revising the code to remove the vulnerabilities before releasing the software to the public. • Is the developer responsible for providing a patch/update? Is there a user's contributory negligence? • Usually, many of these errors are discovered only after the software has been distributed. Three software liability policies has been investigated (in relation to security): 2. Loss Liability Policies, where the software vendor/manufacturer is liable to partially or fully compensate users’ losses incurred in case of attack/damage 3. Patch Liability Policies, where the software vendor/manufacturer is held liable to compensate patching costs incurred by users if a vulnerability/error is discovered before the damage is produced 4. Security Standards Policies, where regulation enforces a certain standard of security to be achieved by the vendor/manufacturer during software development to mitigate security vulnerabilities.
  • 9. liability and autonomous software • In certain circumstances, when a damage is caused by the use of defective autonomous software/automated systems, human operators (e.g. pilots) should be shielded from liability because they are relying on automated systems to fulfill their tasks (e.g. GPS/autopilots to guide them to the correct destination). • However, if no design/manufacturing defects are detected, the user would be responsible under (a sort of) vicarious liability, rather than liability of the custodian. • Therefore, in analogy with vicarious liability, when software's performances are below a certain standard, the user would be liable even if he was not negligent. • In this scenario, what would be the appropriate standard to be taken into account? Maybe, the level of care that would be expected from a human being executing the same task delegated to the autonomous system.
  • 10. liability for open source software • The peculiar characteristic of open source software is that it is distributed under the form of source code, while the distribution of the executable code is only optional. • In such a case, should liability be framed as liability for misleading/inaccurate/wrong information? • In the US, providers of items containing certain forms of “information” have been exempted from strict product liability, even in cases where the item in question has been mass produced (Book Cases).
  • 11. Law and economics analysis • Law and economics models help us to analyse the effect of liability on incentives • whether to engage in activities • how much care to exercise to reduce risk when doing so • Cost internalization theory: 5.It creates incentives to prevent damages taking care (preventive measures to reduce risk) 6.It would further risk (or loss) spreading 7.It would cause the price of activities to increase, resulting in lower activity levels
  • 12. Liability for accidents (Shavell): optimal care • Let x be expenditures on care (or the value of effort devoted to it) and p(x) be the probability of an accident that causes harm h (p decreases when x increases). • Assume that the social objective is to minimize total expected costs, x + p(x)h, and let x∗ denote the optimal x. • under both forms of liability, strict liability and the negligence rule, injurers are induced to take optimal care (x∗ ). • a regime of strict liability with contributory negligence induces the socially optimal level of care by both parties.
  • 13. Liability for accidents (Shavell): level of activity • Let z be the level of activity • Let b(z) be the injurer’s benefit from the activity, (b increases when z increases) • z(x + p(x)h) is the total cost of care and expected harm given z • Under strict liability, an injurer will choose both the optimal level of care x∗ and the optimal level of activity z∗, as his objective is the same as the social objective, to maximize b(z) − z(x + p(x)h) • Under the negligence rule, an injurer will choose optimal care x∗, but his level of activity z will be socially excessive. • The explanation for the excessive level of activity is that the injurer’s cost of raising his level of activity is only his cost of care x∗ , which is less than the social cost, as that also includes p(x∗ )h. • Open issue: burden of proof
  • 14. Software liability • intrinsic software (user does not interact directly with the software, e.g software embedded in planes or automobiles) • extrinsic software (pc application) • intrinsic and extrinsic software may be key to a socially efficient liability regime, because the economic theory of product liability law prescribes the assignment of liability to the party who controls the risk • strict liability rule may not be socially optimal for extrinsic software, because it would not induce the consumer to exercise due care in the installation, operation, and use of the software
  • 15. Software liability in ATM: Überlingen (1) • First Instance Court N. 34 of Barcelona, Spain (2010) • plaintiffs representing thirty-one (31) of the Russian passengers (Bashkirian Airlines Flight 2937) • Defendants: The manufacturers of the TCAS, Honeywell International, Inc. (“Honeywell”) and Aviation Communication & Surveillance Systems (“ACSS”) • the Spanish Court found that two alleged defects of the TCAS had not been proven: (1) the alleged fault in the RA Reversal system; and (2) the alleged existence of a new version of TCAS software available to correct the claimed problems of the earlier version that defendants had failed to implement. • However, the Court did find that plaintiff had proven a third alleged defect, i.e., that the TCAS II Pilot’s Guide failed to clearly set forth the priority of TCAS advisories over conflicting air traffic control orders.
  • 16. Software liability in ATM: Überlingen (2) • Product Liability • "[T]he lack of adequate instructions and warnings in the defendants’ TCAS Pilot’s Guide […] contributed towards the Tupolev pilot’s error that caused the accident and, accordingly, we can conclude that this information defect contributed substantially to the damage, being part of one of its causes. For this reason, the defendants shall be liable for the damages caused." • The Court rejected plaintiffs’ claims for survival damages. The Court also rejected plaintiffs’ claims for punitive damages. • The Court found that Honeywell was not liable for non-monetary damages • ACSS was liable for non-monetary damages ($5,991,501) • plaintiffs were awarded a total of $10,459,810.50 in damages for the deaths of 30 persons, including $6,723,639.45 as to ACSS and $3,736,171.05 as to Honeywell13 – an average of $348,660.35 per decedent. The decision is currently subject to appeal.
  • 17. Software liability in ATM: Überlingen • “Forum shopping” • 22nd Convention on the Law Applicable to Products Liability, signed in The Hague on October 2, 1973 • currently in force in 11 European countries (Spain, France, the Netherlands, Croatia, Finland, Luxembourg, Montenegro, Norway, Serbia, Slovenia, and FYROM) (6 of them are also party of Rome II) • Article 6 applies the law of the manufacturer's principal place of business unless the claimant bases his claim on the law of the place of injury. • Article 11 establishes that there is no requirement for the Convention to have been adopted by the country to whose law Articles 6 points. • On these grounds judges applied apply Arizona law for ACSS and New Jersey law for Honeywell.

Editor's Notes

  1. The manufacturer is held liable under the risk-utility test if the probability of injury times the gravity of injury under the current product design is more than the cost of an alternative reasonable design plus the diminished utility resulting from modifying the design.
  2. (other EU states: rome II) EU Regulation 864/2007 on the Law Applicable to Non-Contractual Obligations (&amp;quot;Rome II&amp;quot;) which is now in operation and would designate the law applicable to non- contractual obligations arising out of torts (Article 4) or damage caused by products (Article 5). As a general rule, Article 4 in respect of torts applies the law of the country in which the damage occurs, whilst Article 5 for product liabilities applies the law of: (1) the habitual residence of the person suffering damage, provided the product was marketed there; or, failing that (2) the country in which the product was acquired, provided the product was marketed there; or failing that (3) the country in which the damage occurred, provided the product was marketed there. Whilst the Convention takes precedence over Rome II for the 6 EU countries party to both, Rome II&apos;s choice of law provisions promisingly appear to increase the chances of US-based manufacturers avoiding being subject to US law before a European court.