What Bruce Schneier Didn't Say
The ever-perceptive Bruce Schneier has another interesting column in Wired. This time he raises the question: Why not make vendors liable for software bugs? As he explains:
For years I have argued in favor of software liabilities. Software vendors are in the best position to improve software security; they have the capability. But, unfortunately, they don't have much interest. Features, schedule and profitability are far more important. Software liabilities will change that. They'll align interest with capability, and they'll improve software security.
But one thing he doesn't address here is what will happen to open source. After all, if coders become personally responsible for the bugs they write, the volunteer system is going to collapse pretty quickly.
I asked him about this a couple of years ago, and this is what he said:
I presume there would be some exemption for open source, just as the United States has a "good Samaritan" law protecting doctors who help strangers in dire need. Companies could also make a business wrapping liability protection around open source software and selling it, much as companies like Red Hat wrap customer support around open source software.