Linked by John O'Sullivan on Tue 7th Oct 2003 18:42 UTC
Microsoft has a little liability problem called Windows. Many are no doubt aware of a would-be class-action lawsuit launched last week in California. The suit targets Microsoft over security problems. The plaintiff is a woman who had her identity stolen. Details are
here. (NYTimes, free registration required)
Permalink for comment
To read all comments associated with this story, please click here.
To read all comments associated with this story, please click here.
This is a big ugly issue.
Software makers all over the planet take responsibility for their software every day. This liability is enforced through the contracts that the developers have with their clients. The responsibility, duties, and obligations are enumerated in the agreements.
The problem is that this level of care is done typically only with individual, custom software, and is usually quite expensive. But if you go into a contract with a client and don't meet the expecations and performance spelled out in that contract, then expect ramifications.
With consumer software, you typically don't enter into these kinds of contracts. Most folks can't afford them because the difference to having software "mostly work" and "perfectly work" can be quite dramatic, especially very complex systems.
Consumer software makers live on the fine line of hyping and promoting Wonderkind software while denying all liability and responsability. Most companies try a reasonable effort to help consumers surmount basic problems, but if you, say, reinstall Windows, and still can't get their software to run, they're not going to go to heroic efforts to make it work. If they're really nice, they might even give you your money back, but if you read the assorted licenses et al, they're really not obligated to.
However, if a software glitch slams a Boeing 777 into the ground, you can be assured that Boeing WILL be held to task for the issue, because they sell and maintain the entire system. But Boeing is perhaps at an advantage in that they have really good control over the entire platform, whereas Joes Software doesn't know much about your machine save that it's running Win95, and that it's relying on Microsoft to handle the details like hardware drivers and what not.
This gets into the lovely finger pointing common to modern software "It's your vendor! It's the driver! It's Microsoft!".
Most other products live nice, secluded lives that make them vastly easier to support. If your car starts doing odd things, you can take it to the dealer be assured that they won't say "Well, our test car doesn't do that, so it must be you." They can "easily" take the entire system as a whole and isolate the problem, fix the problem, in isolation, and if it's an "engineering issue", forward the data back to the factory on how to fix it and perhaps prevent it in the future.
Computers, specifically Consumer computers, are not stable platforms. Somehow modern systems are able to take simple, deterministic bits and processes and turn them into unpredictable chaotic systems. This is a key factor on why support for these systems is so difficult and expensive.
Add to the fact that not only are the system themselves changing, but adding the connectivity issue and the fact that the external environment is simply getting more and more hostile exacerbates the problem.
When developers can rely on their platforms, when they can get assurances of quality and liability from the vendors they craft their systems on as well as the platforms they deploy their systems on, then we can have a more stable sytem environment, though I imagine at this stage a for less flexible one.
As far as certifications etc, there's another side of the coin. Contracting, say, a home addition requires the tasks of licensed contractors. These contractors are licensed through a similar process as an MCSE. They're tested. Here in California, they require a couple of years of experience before they can test, but I don't know about other states.
Minimally though, it comes down to the test. Remember, 50% of the those that tested are in the bottom half of their class.
But as a back up to the license contractors, there's the State mandated building codes AND building inspectors. These folks "test the work" of the contractors. Of course, the beauty of building a house is once it's built, it's pretty static, so the inspector need come at best only once.
How many software systems stay that stable? Can you fathom bringing somebody in as your project is ready to deploy to audit the entire system? Code freeze the project and docs while the inspectors come through to learn the requirements and ensure quality and stability? Can you as a consumer rely on the developer to audit and check their own work? Should building contractors also be inspectors?
How many folks today decided to NOT change something because it requires a time consuming regression test? "Well, we changed the JVM, so let's test all 1500 JSP pages, shall we?"
Yes, this can all be done, but the environment, economically, historically, and culturally, does not support it. I'm sure Boeing does something like this for their 777, but most business systems can't and don't. Ever have a business system written, tested, documented, running, and deployed when all of sudden they get the "WalMart" contract, with edicts on how Things Must Be Done?
This is the dillema, and there's no easy answer.