Referring to the below email, I believe this issue of "Who do we sue?"
is a non-issue.
Any business decision-maker wants a fall guy. Any person representing
business
owners wants to see verifiable due diligence and a clear path to who
will assume
financial responsibility for catastrophic failures.
Since suing an employee could never satisfy the fiduciary responsibility
that
ownership of responsibility needs to convey, such decision-makers must look
to the path of using an outside consultant who will have the technical
capacity
and financial capacity to "own" the responsibility of the decision ...
that the
chosen suite of applications fits the needs of the business, *as
verified by the*
*consultant in a first instance* (the basis of legal responsibility).
The client would outline the requirements regarding software/hardware
architecture
in the requirements specification along with the statement that no
proprietary tools
are acceptable, and that the consultant *will be held responsible* to
ensure the
deployed architecture is functional and reliable. You also make it
clear that the
consultant will own the decision, and consequences of failures,
regarding the contract
proposal that is put forward for their solution to meet the stated
requirements.
The contract would include clauses regarding signoff of delivered
functionality,
but those signoffs would only be for functionality observed to operate per
consultants stated performance, and not a waiver of responsibility that
that
performance meets the clients needs.
It would all boil down to the fine print of the contract where the
client must
have a template (/this is where the Linux and OSS industry needs to put
some/
/effort into publishing standardized language for common use/) that
provides
the client with ironclad language of responsibility on the contractor
side for
how it was all put together, regardless of how the client specified his
need.
Contractors always identify where specifications need to be re-written
due to
technical limitations etc. Such recommendations and technical expertise
resides
with the consultant, hence their being in business as consultants. They
have
to assume responsibility for their sufficiency of knowledge and their
degree
of expertise for their field of consultancy. Therefore they must assume
liability
for addressing any technical/operational scenario that the client may
not have
foreseen.
Maybe someone who is still active in industry could approach people like
* The Linux Foundation (https://www.linuxfoundation.org/)
* Creative Commons (https://creativecommons.org/)
* GNU.og (https://www.gnu.org)
* the Free Software Foundation (https://www.fsf.org/)
* the Open Source Initiative (https://opensource.org/)
* the Open Source Security Foundation (https://openssf.org/)
and put to them the approach suggested above and see if they could
collectively
come together, with their legal teams, to create the legal templates
that would
put onus of responsibility clearly with the contractor firms that take
on the
projects, ensuring they back their claims of expertise with financial
responsibility.
I don't have any clue if it would be workable, but maybe one element, to
complement
the legal side, might be a performance bond ... that is placed on the
contractor with a 5-year trigger term would be sufficient to cover the
client's need for fiduciary responsibility by the contractor.
Just wondering if those thoughts might resonate with members.
Eric
Retired Engineer
====================================
* /Subject/: Re: Meeting Announcement
* /From/: Katherine Mcmillan <kmcmi046 [ at ] uottawa [ dot ] ca
<mailto:kmcmi046@DOMAIN.HIDDEN>>
* /Date/: Sun, 3 Jul 2022 22:39:21 +0000
Thank you John; I think "reliable" was the wrong adjective chosen by the rep.
I find the "who do we sue?" [when something goes wrong] question problematic
on many levels. I suppose the idea is that they could get in a courtroom with
Bill Gates and/or his legal team, and any issue would get sorted. Sort of like,
if you ever have a problem with your cereal, you could sue Captain Crunch.
A figurehead seems to be important, so that people do not ask who they can sue
when something goes wrong. Maybe there needs to be a face under the Red Hat?
If so, I propose it look like Carmen Sandiego :)
Sincerely,
Katie