Liability For Software Vulnerabilities

Information security lies in software security. Unfortunately, software vulnerabilities has become the norm, which is the main reason of viruses and malicious programs thriving. Resolving the problems of software vulnerabilities and promoting software security become very important in this information age.First, this paper analyzes the requirements of legal system for resolving the software vulnerability problem. Because of software security lemon market and the tragedy of the commons, the market fail, and the software with vulnerabilities overflow the market. While establishing a new market mechanism is one of the ways to solve market failures, but establishing software vulnerabilities market is hard to succeed. Through the software market model we can see that, given liability for software developers can promote software quality. A liability system will be very helpful for software vulnerability problem.Second, this paper explores the possibilities and the basic principles of warranty responsibility for software vulnerabilities. Software developers should be liable for the guaranty of its software vulnerabilities, although, in practice, the software disclaimer or limitation of liability clauses are always can be seen in end user contact. But, these terms may be identified as invalid by law. If there are vulnerabilities, the buyer can request developers to repair. And if there are damages, the buyer also can claim compensation, but the damages are limited by foreseeable principles.Furthermore, this paper discusses the necessity and possibility of product liability for software vulnerabilities. If there are vulnerabilities, causing damage, and a causal relationship exsit, software developers should be liable, and strict liability can apply. If there are software vulnerabilities but no damage, the user has the right to request developer to repaired; Causing damage to property, the user can claim compensation; If software vulnerabilities lead to invasion of privacy, the user can claim compensation for mental loss.Finally, this paper gives advices on constructing software vulnerabilities contract liability system and drawing software vulnerabilities product liability laws.