Any repercussions for makers of OpenSSL?

[office politics]

if you make a open source software, are you legally liable for any damages?

how about any other programmers that uses the vulnerable open source software?

 

[carnageX]

Usually open source software has it included in their license that they're not liable for any damages, no warranty, etc. etc. I tend to include that in any software I make as well "By using this software you agree to the terms... blah blah".

 

[office politics]

Usually open source software has it included in their license that they're not liable for any damages, no warranty, etc. etc. I tend to include that in any software I make as well "By using this software you agree to the terms... blah blah".

problem would be just because it is in the contract doesn't mean it will hold up in court. i went to a security conference and they told me to read up on computer tort law.

Computer Torts - Business Torts - Torts

 

[Reapt]

I work IT security in an FI. That TLS bug was a serious concern of ours. Luckily it didn't affect us for reasons I won't disclose but if it did I wonder if it would have been possible for us to take action.

 

[office politics]

rethinking this. why wouldn't companies sue Microsoft when they were damaged by a zero day?

link:
Tort Law legal definition of Tort Law. Tort Law synonyms by the Free Online Law Dictionary.

Three elements must be established in every tort action. First, the plaintiff must establish that the defendant was under a legal duty to act in a particular fashion. Second, the plaintiff must demonstrate that the defendant breached this duty by failing to conform his or her behavior accordingly. Third, the plaintiff must prove that he suffered injury or loss as a direct result of the defendant's breach.

The law of torts is derived from a combination of common-law principles and legislative enactments. Unlike actions for breach of contract, tort actions are not dependent upon an agreement between the parties to a lawsuit. Unlike criminal prosecutions, which are brought by the government, tort actions are brought by private citizens. Remedies for tortious acts include money damages and injunctions (court orders compelling or forbidding particular conduct). Tortfeasors are subject to neither fine nor incarceration in civil court.



also, found this. I'm still searching for specific software cases involving tort law.

HEARTBLEED: A Lawyer's Perspective On Cyber Liability and the Biggest Programming Error in History | e-Discovery Team ®

 

[kmote]

If what you're saying is true, then it looks to me that tort laws do not require the existence of a contract between the two parties. However, it may still be the case that a contract is able to specifically disclaim those liabilities.
Of course, I hope that it doesn't get to court but I wonder what sort of damages could be awarded. I don't know much about the governance of these sorts of open source projects but I seriously doubt that they would have sufficient assets to pay significant damages.

 

[Reapt]

If what you're saying is true, then it looks to me that tort laws do not require the existence of a contract between the two parties. However, it may still be the case that a contract is able to specifically disclaim those liabilities.
Of course, I hope that it doesn't get to court but I wonder what sort of damages could be awarded. I don't know much about the governance of these sorts of open source projects but I seriously doubt that they would have sufficient assets to pay significant damages.

Open source is just that. They only funding they have is through donations which I mean could be a lot considering it's a one of a kind thing right now. But still probably not much in the bank.

Also if they were to come under fire I don't think their is another solution at the moment. Do we really want to cripple the only method?