Skip to content

Commit

Permalink
Merge pull request #29 from phuse-org/chapter_updates_14
Browse files Browse the repository at this point in the history
Update Liability
  • Loading branch information
KatjaGlassConsulting authored Mar 11, 2024
2 parents 4d8f0f5 + e5ef47b commit a68a2f6
Showing 2 changed files with 52 additions and 2 deletions.
4 changes: 3 additions & 1 deletion .gitignore
Original file line number Diff line number Diff line change
@@ -9,4 +9,6 @@ _book/

*.docx

_rendered/
_rendered/
intro_files
intro.html
50 changes: 49 additions & 1 deletion liability.qmd
Original file line number Diff line number Diff line change
@@ -8,12 +8,60 @@ title: "Liability with OS"

- Are there mitigating actions which can limit or eliminate liabilities?

## Understanding Liability and Warranty in Software Development

Liability and warranty are two crucial legal concepts in the realm of software development. **Liability** refers to the legal obligation or responsibility that arises from actions or lack thereof. In the context of software, this could mean the responsibility for any system malfunctions, data breaches, or data loss that occur due to the software.

On the other hand, a **warranty** is a pledge or assurance given by the provider of the source code. It's a promise that the software will perform as described and that any defects or issues will be addressed within a specified period.

Given the potential risks associated with software use, such as system malfunctions or data breaches, the liability and warranty of the source code provider become critical considerations.

Most open-source licenses include a disclaimer to shield developers from claims. However, the responsibility for liability and warranty doesn't solely rest with open-source users, either. It extends to all software users, including those using commercial software.

Andy Nicholls has helpfully provided a link to the [EMA's Notice on validation and qualification of software tools used in clinical trials](https://www.ema.europa.eu/en/documents/regulatory-procedural-guideline/notice-sponsors-validation-and-qualification-computerised-systems-used-clinical-trials_en.pdf){target="_blank"}. This document clearly states that the sponsor bears the ultimate responsibility for the validation of the computerised system. They must provide adequate documented evidence of the validation process.

While the sponsor can rely on qualification documentation provided by the vendor, they must assess the adequacy of the vendor's qualification activities. Based on a documented risk assessment, the sponsor may also need to perform additional qualification and validation activities.

>The sponsor is ultimately responsible for the validation of the computerised system and for providing adequate documented evidence on the validation process. [...] The sponsor may rely on qualification documentation provided by the vendor, if the qualification activities performed by the vendor have been assessed as adequate. However, the sponsor may also have to perform additional qualification (and validation) activities based on a documented risk assessment.
**Summary**: Regardless of whether open-source or commercial software is used, the sponsor carries the responsibility for warranty and liability. While commercial software requires reliance on the vendor, the transparency of open-source software offers additional avenues for assurance and accountability.

## Liability and Warranty according Open Source Licenses

Most open source licenses include a disclaimer of liability and warranty. So according the license there is no liability and warranty from the source code provider.

Examples:

- [MIT License](https://opensource.org/licenses/MIT){target="_blank"}

>The software is provided “as is”, **without warranty** of any kind, express or implied, including but not limited to the warranties of merchantability, fitness for a particular purpose and noninfringement. In **no event shall** the authors or copyright holders **be liable** for any claim, damages or other liability, whether in an action of contract, tort or otherwise, arising from, out of or in connection with the software or the use or other dealings in the software.
- [Apache License 2.0](https://www.apache.org/licenses/LICENSE-2.0.html){target="_blank"}

>7. Disclaimer of Warranty <br/>
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an “AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.<br/><br/>
>8. Limitation of Liability<br/>
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages.<br/><br/>
>9. Accepting Warranty or Additional Liability<br/>
While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.

- [GNU General Public License v3.0](https://www.gnu.org/licenses/gpl-3.0.html){target="_blank"}

>15. Disclaimer of warranty.<br/>
There is **no warranty** for the program, to the extent permitted by applicable law. Except when otherwise stated in writing the copyright holders and/or other parties provide the program “as is” without warranty of any kind, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The entire risk as to the quality and performance of the program is with you. Should the program prove defective, you assume the cost of all necessary servicing, repair or correction.<br/><br/>
>16. Limitation of liability.<br/>
**In no event** unless required by applicable law or agreed to in writing will any copyright holder, or any other party who modifies and/or conveys the program as permitted above, **be liable** to you for damages, including any general, special, incidental or consequential damages arising out of the use or inability to use the program (including but not limited to loss of data or data being rendered inaccurate or losses sustained by you or third parties or a failure of the program to operate with any other programs), even if such holder or other party has been advised of the possibility of such damages.

- [BSD 3-Clause "New" or "Revised" License](https://opensource.org/licenses/BSD-3-Clause){target="_blank"}

>This software is provided by the copyright holders and contributors “as is” and any express or **implied warranties**, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose **are disclaimed**. In **no event shall the copyright holder or contributors be liable** for any direct, indirect, incidental, special, exemplary, or consequential damages (including, but not limited to, procurement of substitute goods or services; loss of use, data, or profits; or business interruption) however caused and on any theory of liability, whether in contract, strict liability, or tort (including negligence or otherwise) arising in any way out of the use of this software, even if advised of the possibility of such damage.
## How to Contribute

Contribute to the discussion here in GitHub Discussions:\
[Are contributors to open source exposing themselves to any liability of their solutions?](https://github.com/phuse-org/OSTCDA/discussions/14){target="_blank"}

## Guidance
All contributions should:

- Provide your thoughts and perspectives

0 comments on commit a68a2f6

Please sign in to comment.