
Meeting Announcement - Ways and Means to Successfully Contain Risk of OSS ?

Referring to the below email, I believe this issue of "Who do we sue?" is a non-issue.

Any business decision-maker wants a fall guy.  Any person representing business owners wants to see verifiable due diligence and a clear path to who will assume
financial responsibility for catastrophic failures.

Since suing an employee could never satisfy the fiduciary responsibility that
ownership of responsibility needs to convey, such decision-makers must look
to the path of using an outside consultant who will have the technical capacity and financial capacity to "own" the responsibility of the decision ... that the chosen suite of applications fits the needs of the business, *as verified by the consultant in a first instance* (the basis of legal responsibility).

The client would outline the requirements regarding software/hardware architecture in the requirements specification along with the statement that no proprietary tools are acceptable, and that the consultant *will be held responsible* to ensure the deployed architecture is functional and reliable.  You also make it clear that the consultant will own the decision, and consequences of failures, regarding the contract proposal that is put forward for their solution to meet the stated requirements.

The contract would include clauses regarding signoff of delivered functionality,
but those signoffs would only be for functionality observed to operate per
consultant's stated performance, and not a waiver of responsibility that that
performance meets the client's needs.

It would all boil down to the fine print of the contract where the client must have a template (/this is where the Linux and OSS industry needs to put some effort into publishing standardized language for common use/) that provides the client with ironclad language of responsibility on the contractor side for how it was all put together, regardless of how the client specified his need. Contractors always identify where specifications need to be re-written due to technical limitations etc.  Such recommendations and technical expertise reside with the consultant, hence their being in business as consultants.  They have to assume responsibility for their sufficiency of knowledge and their degree of expertise for their field of consultancy.  Therefore they must assume liability for addressing any technical/operational scenario that the client may not have foreseen.

Maybe someone who is still active in industry could approach people like

 * The Linux Foundation (https://www.linuxfoundation.org/)
 * Creative Commons (https://creativecommons.org/)
 * GNU.org (https://www.gnu.org)
 * the Free Software Foundation (https://www.fsf.org/)
 * the Open Source Initiative (https://opensource.org/)
 * the Open Source Security Foundation (https://openssf.org/)

and put to them the approach suggested above and see if they could collectively come together, with their legal teams, to create the legal templates that would put onus of responsibility clearly with the contractor firms that take on the projects, ensuring they back their claims of expertise with financial responsibility.

I don't have any clue if it would be workable, but maybe one element, to complement the legal side, might be a performance bond ... that is placed on the contractor with a 5-year trigger term would be sufficient to cover the client's need for fiduciary responsibility by the contractor.

Just wondering if those thoughts might resonate with members.


Eric
Retired Engineer


====================================

 * /Subject/: Re: Meeting Announcement
 * /From/: Katherine Mcmillan <kmcmi046 [ at ] uottawa [ dot ] ca>
 * /Date/: Sun, 3 Jul 2022 22:39:21 +0000

Thank you John; I think "reliable" was the wrong adjective chosen by the rep.
I find the "who do we sue?" [when something goes wrong] question problematic
on many levels.  I suppose the idea is that they could get in a courtroom with
Bill Gates and/or his legal team, and any issue would get sorted. Sort of like,
if you ever have a problem with your cereal, you could sue Captain Crunch.

A figurehead seems to be important, so that people do not ask who they can sue
when something goes wrong.  Maybe there needs to be a face under the Red Hat?
If so, I propose it look like Carmen Sandiego :)

Sincerely,
Katie
