« Cyberattacks are exploitations of defects in software. Therefore, defect-free software is immune to cyberattacks. Unfortunately, mankind is fallible and thus, all software is ridden with defects. As the world is now unable to live without Internet connectivity, software manufacturers are morally and ethically bound to promptly correct all defects in their software and make all such fixes freely available to all so that the world’s exposure to cyberattacks may be reduced » – Peter Alfred-Adekeye, Multiven CEO
The recent spate of sophisticated cyberattacks such as WannaCrypt has raised many product liability and ethics questions for all software manufacturers.
Who is to blame?
« Microsoft could have slowed the devastating spread of ransomware WannaCry to businesses, reports the Financial Times. Instead, it held back a free repair update on machines running older software like Windows XP. »
David Omand, the former head of British intelligence agency GCHQ, stated on May 16, 2017 that, in light of the devastation caused by the WannaCrypt cyberattack, Microsoft should have maintained non-stop support for its Windows XP software to protect public services. As of May 18, 70,000 computers belonging to the UK’s National Health Service have been attacked by WannaCrypt, which has essentially encrypted all the patients’ medical records, x-rays, prescriptions etc., causing an unprecedented interruption to critical health-care service delivery to millions of patients, including cancer and elderly surgery patients, across the UK.
But this highlights a deeper problem in the industry.
Today, very few businesses can compete effectively without being online. As such, the need for non-stop maintenance of the integrity of the software that runs all our Internet-enabled devices, be they routers, smartphones or computers, is existential for organizations of all sizes.
In the case of the networking equipment industry, customers continue to be subjected to unfair and unethical treatment despite their loyalty. Network Equipment Manufacturers often coerce customers into buying their expensive software maintenance services and support by threatening to discontinue customer access to software bug fixes.
But first, let’s explain what a software bug is.
A software bug is the common term used to describe an inherent manufacturer error, flaw, mistake, failure or fault in software that prevents it from behaving as intended, causing it to produce an incorrect or unexpected result.
Bugs can have a wide variety of effects, with varying levels of inconvenience to the user of the software.
Some bugs have a subtle effect on the software’s functionality and may thus lie undetected for a long time, while other, more serious bugs may cause the software to crash or freeze, leading to a complete denial of service. Others qualify as cybersecurity bugs that may enable a malicious attacker to bypass access controls and remotely gain control of an entire IT network and all the confidential data that traverses it.
Unlike hardware, which can break down from use or abuse, there is no wear-and-tear in software. As such, all bugs in proprietary software were inherently manufactured by the software manufacturer and should thus be corrected for all consumers free of charge. If you’ve paid for software, you should never have to pay the manufacturer to fix their manufactured defects.
So, as a consumer, what are my rights?
- You have a right to free bug fixes for your software’s useful life:
- You have a right to proactive notifications of all defects in their software feature sets, as well as the bug fixes, as they become available: Software manufacturers without the ability to preemptively push software updates over the Internet should proactively notify customers of defects through emails, tweets, RSS feeds, podcasts, blogs and other online channels.
- You have a right to software operating manuals, release notes, caveats and bug databases for the useful life of your software.
Such important information should be shared with customers so that they can properly operate their software and proactively plan, diagnose and solve problems as they occur.
For a long time, the networking equipment industry has lacked independent oversight that would denounce these unethical tactics and advocate fair practices, especially regarding software bug fixes.
This has to change. It is imperative that the following key issues be addressed to restore balance and fairness in the way customers are treated, as the current status quo is not sustainable.
In May 2009, European Union Commissioners Viviane Reding and Meglena Kuneva initiated a proposal to hold software manufacturers liable for their software, much the same way producers of physical products are held liable for their products.
As more and more of our daily lives are lived with, in and around Internet-enabled devices, it is high time governments and lawmakers regulated the software manufacturing industry so we and our children can enjoy a safe and secure connected world.