Companies Seek to Hold Software Makers Liable For Flaws

25 Feb ’05

Via Jeff Nolan, a WSJ article (paid sub. required) on companies starting to pressure software developers to accept greater liability for flaws in software.  Unfortunately, the article almost scrupulously avoids any discussion of why liability is limited in the first place, though it goes to great lengths to explain why customers feel it ought to be less limited.

Major technology customers, fed up with spending millions of dollars to fix problems caused by software flaws, are starting to press software makers to assume responsibility for the faults and pick up some of the costs.

The moves are aimed at making tech companies such as Microsoft Corp. rethink the way they write and sell software. Executives responsible for computer security at companies including General Motors Corp., AT&T Corp. and Alcoa Inc. say software vendors should begin to stand behind their products much as sellers of other products and services do.

The efforts are in their early stages, but even a whisper of the "L-word" — liability — sends shudders through the software industry. Until now, most software makers have sold their products on the condition that they won’t be held liable if flaws cause damage, be it from computer crashes or virus attacks that exploit the faults. The cost of repairing such flaws, or of reimbursing customers harmed by hacker attacks or viruses, could cost a vendor many millions of dollars.

Customers are challenging the traditional exemption in the hope that increased liability will force vendors to deliver more secure and reliable software. GM, for example, is attempting to get software and computer-services vendors to agree to penalty provisions in new contracts that could hold the vendors liable if they fail to meet security requirements.

"Can you imagine if GM produced a vehicle and said, ‘We did a pretty good job of engineering this. It worked in the laboratory. Here it is, consumer, you go crash-test it,’" asks Eric Litt, chief information-security officer in GM’s information-systems and services unit. "We wouldn’t accept that as a society."

The article is really more a piece on why maintenance ought to free, or cheaper in any event.  But I think it really needs to be considered as more of a period piece – a view that is spreading as a consequence of the increasing commoditization of software, and growing customer frustration over the high cost of implementation, as well as the high cost of systems going sideways, an issue that Nicholas Carr wrestled with in Does IT Matter? (and revisited recently in a NYT Op-Ed piece), and that I wrote about in the outsourcing context earlier today.

But the larger point can’t be forgotten.  IT systems are complicated, often intensely so.  They are, in that respect at least, very unlike cars – or anything else that still uses what is essentially industrial revolution technology.  And as long as businesses want systems to be at the front of the leading edge – hoping for the competitive advantage that may bring them (notwithstanding Carr’s views), or whatever other benefit they are looking for – this will likely always be the case.  And something that is that complex and leading edge is going to come with mistakes built-in.  Guaranteed.  This is just the background technology risk that we all accept as part of the price of deploying innovation and enjoying accelerating productivity.  A necessary implication of using IT, if you will – you want simple and certain, buy a plow and get an ox.  Customers know that.  They expect that.  And until recently, they probably wouldn’t have had it any other way – they wanted everything, and they wanted it now.  What they would lose (operating cost efficiencies) in the merry-go-round, they would gain (overall productivity) in the swings.

So on balance, my instinct is, if there is truth in the WSJ article (and I’m seeing some of this in the deals I and my friends in this business negotiate so I am inclined to believe it), customers are saying "sure, we understand, and generally that’s OK, but enough already, at least help me with some of the pain, I’m bleeding over here".

Vendors, take note.  And consider this new dynamic as you pitch – increasingly, the tone of the sell will be used against you in the deal.

Previous post:

Next post: