[les-software] disclosure of known defects

Alex Rousskov rousskov at measurement-factory.com
Fri Mar 12 20:32:08 UTC 2004


On Fri, 12 Mar 2004, Lawrence E. Rosen wrote:

> You've asked a fascinating question and I'm looking forward to the
> comments of those who work specifically with proprietary software.
> You asked whether a software licensor has a duty to disclose known
> defects.

A defect is some kind of imperfection compared to a recognized
standard or norm. Most software claims to be useless (unfitted) for
any purpose. Thus, such software cannot have defects, by definition
(from a legal point of view and where the disclaimer is legal).

> Open source software projects attempt to satisfy the concerns of
> consumers by (1) fully disclosing all source code so that defects
> can be known and corrected;

To be precise, you could say "so that defects are sometimes easier to
find and correct". If source code would somehow magically expose and
fix most bugs, neither open source nor closed source software would
have any bugs. Moreover, if just knowing the source code would
drastically contribute to the reduction of bugs, then, from a technical
point of view, most of the same bugs would be found by analyzing
binary code.

> (2) undertaking software development in a collaborative fashion so
> that contributors are encouraged to find, document and fix defects;

Contributors to closed source software also collaborate and are
encouraged to find, document, and fix defects. To be precise, you
could say that open source software has a larger pool of potential
contributors. Whether more contributors always results in better
software is debatable, of course.

> (3) disclaiming all warranties and disclaiming liability to the
> maximum extent permitted by law.

Same for commercial software.

> By way of contrast, most of the proprietary vendors I've worked with
> treat their defect lists as trade secrets, and then also disclaim
> warranties and liability.

I agree that being open about known bugs is usually the Right Thing to
do. Many commercial vendors have bug/knowledge databases that reflect
the current state of their software. Many open source projects do not
have such databases.

Overall, the above arguments sound to me more like wishful thinking
rather than sound evidence (unfortunately!).

> If a client of mine were ever seriously injured (personally or
> financially) by a software defect known to the vendor but not
> reported to consumers, I'd sue for fraud regardless of the
> disclaimers of warranty and liability.

Ouch. Would you sue an open source vendor or just the closed source
one (all other factors being the same)? Would your decision to sue
depend on the price of the product? License? Number of products
distributed? Author's personal wealth?


Open source software fans (myself included) tend to use
unsubstantiated claims when trying to defend their values. This is not
much better than a regular FUD technique used by closed source
zealots. We should know better!

Alex.
--
license-discuss archive is at http://crynwr.com/cgi-bin/ezmlm-cgi?3


