Slide 1: Software as Product: The Technical Challenge to Social Notions of Responsibility
Clark Savage Turner, J.D., Ph.D., Associate Professor, CSC, Cal Poly State University
Running slide footer: Software Products Liability

Slide 2: The Big Picture
- Engineering and social notions of defectiveness and responsibility are challenged by the unique nature of the software product.
- The law will be applied to software; technical explication is necessary.
- Software won't fit, because of its essential nature.

Slide 3: Roadmap
- Legal background: legal risk management, defect classifications
- Hypothesis: software defect classification
- Software: nature of code defects
- No rational way to classify code defects
- Solution by software engineering progress
- Conclusions

Slide 4: Terminology
- Design: intention or plan for a product
- Safety critical: capable of causing or contributing to personal injury or property damage
- Software: nontrivial, safety critical, mass marketed
- Specifications: requirements, design
- Design specifications: same as above
- Specification sufficiency: ability of specifications to contain all intentional decisions for code construction
- Product: artifact with dangerous potential sold on the mass market (contrast with service)

Slide 5: Innovation by Design
- Homo Faber, Man the maker: design projects from the known into unknown possible worlds; promise and optimism about benefits to humans
- New artifacts alter arrays of potentialities: inevitable social costs in new risks; someone always pays the inevitable costs; who pays has consequences in the market

Slide 6: Social Progress
- Social desire for safety and predictability conflicts with free technical innovation.
- Social desire for technical innovation conflicts with safety and predictability.
- Society protects and advances its own welfare one way: social notions of responsibility in tort balance the risks and benefits of innovative technology; the common law goal is to optimize social welfare.

Slide 7: Tort Law
- Social obligations, orthogonal to contract
- Common (judge made) law: dynamic, self correcting; requires a deterministic algorithm that halts
- Purpose: allocate the costs of technical progress; sacrifice the victim's interests where social progress depends on technical progress; industry pays its way where social goals are not advanced

Slide 8: Tort Law Meets Risky Artifacts of Design
- Products: potentially dangerous artifacts sold to remote customers; must involve personal injury or property damage; inapplicable to pure services (malpractice)
- General Rule of Products Liability in Tort: one who sells a defective product is subject to liability for harm caused by the defect [Res99]

Slide 9: Defect Classification [Res99]
1. Defect in Manufacture: the product departs from its intended design; internal technical standard, descriptive correctness; risky mistakes are not socially beneficial; strict standard, due care irrelevant
2. Defect in Design: the design's safety is not socially defensible; external social standard, normative; risky intention may bring social benefit; negligence standard, due care is central

Slide 10: Liability flowchart
CAUSE: personal injury caused by software
FAULT:
  Defect in design? Is the design too risky?
    No: the design is adequately safe -> NO LIABILITY (social support for valuable risk taking; costs assessed to the victim)
    Yes: a safer alternative design was feasible -> LIABILITY
  Defect in manufacture? Does the product fail to satisfy design intention?
    Yes: the product is more dangerous than it was designed to be -> LIABILITY for defective product
Developers must internalize the costs of these accidents.

Slide 11: Distinguishing Defect Class
- Find design intention: an engineering question
- It establishes the legal standard (is due care relevant?) and lets the expected costs to the parties be determined; this is a BIG deal: who worries about this?
- Legal techniques: 1. compare to design specifications; 2. deviation from the norm test, independent of the designer's specifications

Slide 12: Enter Software Products
- Innovative artifacts present new risks; increasingly used in avionics, nuclear, medical
- Example: Therac 25 medical linac [LT93]: 6 massively overdosed; no technical solution expected [Lev95]
- No legal precedent yet, but software will soon face a products suit; software considered a product; disclaimers ineffective

Slide 13: My Common Hypothesis
- Rational classification of code defects by stage of production
- Analogy: software design corresponds to design intention; software code corresponds to product construction
- Hypothesize a different analogy
- Question: can software engineers rationally identify the class of arbitrary code flaws?
- The answer is NO. I had to write my Ph.D. work up as a failure.

Slide 14: Related Work
- Legal research is divided: code as design [Wol93]; coding mistake as manufacturing defect [BD81]; the difficulty of software defect classification is footnoted
- Software research appears divided: [Ham92] and others call code design; [Bro95] says code is construction of the product; note the concern with satisfaction of specifications

Slide 15: Overview of Argument
- Code construction issues
- Defects of each class exist in code; can we identify the class of an arbitrary defect? This operationalizes social risk management by tort law
- Extant tests fail to distinguish rationally; research seems to offer partial solutions, but are they solutions to the right problem?
- The difficulty is essential, not accidental

Slide 16: Reality and Code Construction
- One product built and copied identically
- Code and fix; waterfall model: discrete stages of production
- Inevitable intertwining [SB82]: specifications are not self contained; pressure on coders to deliver working code; code inevitably contains design decisions
- Spiral model [Boe88]

Slide 17: Defects in Software Products
- Code has the potential for either kind of defect
- Manufacture: failure to satisfy design intention (x y 5 instead of intended x y 5)
- Design intention expressed only in code: clear whenever the specification is insufficient
- Where is the design intention for code? Objective: specifications. Subjective: the coder's mind

Slide 18: Apply Current Tests to Distinguish Defect Class
1. Deviation from the norm test fails: no deviations at all; NEW CLASS: generic manufacturing defects
2. Comparison to specifications fails: specification insufficiency; might work for many flaws, won't work for arbitrary flaws; specification completeness, consistency and correctness

Slide 19: Example from Therac code
var 0
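A constructed Python illustration of the specification-comparison test from the defect-classification, distinguishing and current-tests slides, added here and not part of Turner's slides: a dose-limiting function whose written spec is silent on negative inputs, so a flaw inside the spec's domain is classifiable as a manufacturing defect while the same harm outside it is not. All names, spec clauses and the hazard judgement are assumptions.

```python
# Added example, not from the slides: the "comparison to specifications"
# test for classifying a code flaw, and where it stops working. The dose
# limiting function, its spec clauses and the hazard judgement are constructed.
MAX_DOSE = 100.0  # constructed ceiling, arbitrary units

def in_spec_domain(prescribed: float) -> bool:
    # The written design only addresses non-negative prescriptions.
    return prescribed >= 0

# The written design intention as checkable clauses (valid inside the domain).
SPEC = {
    "output equals prescription": lambda p, out: out == p,
    "output never exceeds ceiling": lambda p, out: out <= MAX_DOSE,
}

def deliver_conformant(prescribed: float) -> float:
    """Satisfies every written clause. For a negative prescription, which the
    spec never mentions, the coder decided (in code only) that it means
    'ceiling minus magnitude'. That design decision exists nowhere else."""
    if prescribed < 0:
        return MAX_DOSE + prescribed
    return min(prescribed, MAX_DOSE)

def deliver_with_slip(prescribed: float) -> float:
    """A plain construction error: the ceiling is applied with the wrong
    operator, so every in-domain prescription is raised to the ceiling."""
    return max(prescribed, MAX_DOSE)

def is_overdose(prescribed: float, delivered: float) -> bool:
    # Constructed after-the-fact hazard judgement: the clinician meant the
    # magnitude typed, and more than 10% above it counts as an injury.
    return delivered > 1.1 * abs(prescribed)

def classify(impl, prescribed: float) -> str:
    """Specification-comparison test on one observed outcome.
    'manufacturing defect': output departs from a written clause.
    'undetermined': harm, but no written clause is violated, so the test
    cannot say whether the design was too risky or the coder departed
    from an intention that was never written down.
    'no defect found': no harm and no deviation."""
    out = impl(prescribed)
    violated = [n for n, ok in SPEC.items()
                if in_spec_domain(prescribed) and not ok(prescribed, out)]
    if violated:
        return "manufacturing defect"
    return "undetermined" if is_overdose(prescribed, out) else "no defect found"
```

The same coding slip in deliver_with_slip is classifiable on an in-domain prescription and undetermined on a negative one: the test's verdict depends on specification sufficiency, not on the nature of the flaw.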


Cal Poly CSC 300 - Software as Product