Carl Landwehr was right to suggest in his Viewpoint "We Need a Building Code for Building Code" (Feb. 2015) that there should be a building code for software. Lawmakers should thus re-examine the common practice of allowing warranty disclaimers for commercial software. The software development industry claims it is simply too difficult to build correct software. But such a position looks increasingly absurd. A smartphone derives most of its functionality from gigabytes of software, though it is regarded as a device; an inability to make calls or take photos is rightly covered by consumer-protection laws. Smartphones are only the most obvious case; innumerable consumer products, including televisions and automobiles, depend crucially on software yet are protected by warranties. The only software subject to warranty disclaimers is, incredibly, actual software products.
As a first step toward abolishing warranty disclaimers, lawmakers should make software companies liable for faults caused by egregious programming malpractice. The most obvious example is buffer overruns and, more generally, failure to validate input data, whether from a user or from a file. An example of the latter is when a program crashes due to one of the possibly thousands of fonts on the machine being corrupt. Passwords stored in clear and other gross lapses of security engineering should be explicitly forbidden. Never forget the astonishing case of the Diebold voting machine, as reported by Douglas W. Jones of the University of Iowa in 2003, saying, "The encryption key F2654hD4 is present, in plain view, in the source code." [1]