Wasn't there a report recently that estimated the loss to the US economy due to dodgy unreliable software was $3trillion a year, including time lost just trying to make it work?
Before commenting on the lunacy of the administration, it's worth contemplating that number for some moments.
Yep, it's too big a number to ignore. It's an assessment of how much the Software industry is ripping off the US. One software company doing a poor job is ignorable. The entire sector getting it wrong is another thing altogether.
The basis of the problem of course is your typical eula. They absolve the vendor of any liability whatsoever, but in the old days QC and testing was a thing. However managements all over the industry have used the eula as a reason to dispense with the QC. What it looks like the Biden administration is thinking of doing is, in effect, forcing software vendors to do Quality Control once more.
And this could be bad news for Open Source. You pick up some package for nowt off NPM, who is the responsible person? You incorporate Linux in something, who takes the blame for the CVE that pops up later? If you've used the gcc or clang compilers, good though they may be, and it turns out there is flaw in the code they build / libraries they use, what then? Basically, if eula's can no longer absolve the author of liability for bugs, the authors are going to have to do a lot more QC than is typical of most OS projects
And if the CPU underneath has a flaw, as seems to be a daily experience at present, then what?
There are ways to structure law to accommodate things like OSS. So it's probably better to engage with the politicians positively, rather than ignore or deride them for wanting to fix a $3trillion problem.
Biting the hand that feeds IT
