How should we fix the IT industry?

[Samson]

So what if Windows gets a $5/m subscription option, and monthly updates that indefinitely allow you to update as long as you're subscribed?

Now this is a difficult one. Perhaps something like "beyond original service costs", so if you originally charged $5m / year you can continue doing so, but if you originally provided them free (and that was the deal under which your customers were persuaded to part with their money) then that is what you have to continue providing, unless you open source it.

What does "stand by its performance" even mean? Microsoft doesn't misrepresent Windows. Sure, it has bugs, as does every software.

A Ford Fiesta isn't the safest car in the world, but every time someone gets injured in a Fiesta collision they can't sue Ford for making the Fiesta less safe than a Tesla Model S.

Should we force Ford to take on more liability unless they open source all design and engineering documentation for their cars?

This is the point. There are standards that cars have to meet, and if they do not meet them you can sue the manufacturer. This is the same for ever other industry, except software (and religion). These standards would not be "no bugs ever", but would be more than the "no liability at all, run at your own risk" that is the current standard. Should we allow ford to take no liability for the functioning or safety of their cars? If not, why should we allow microsoft to take no liability for the functioning or safety of their software?

I would guess Microsoft would be more concerned with someone making a non-open source direct competitor. Considering all the things Microsoft is accused (probably rightly) of ripping off in the process of making Windows it is reasonable to expect them to not volunteer anything to the great unseen competitor that may well be out there somewhere.

I am guessing that the open source licence under which it would be released would be copy left, so it could not be used by someone making a non-open source direct competitor.

 

[Zelig]

This is the point. There are standards that cars have to meet, and if they do not meet them you can sue the manufacturer. This is the same for ever other industry, except software (and religion). These standards would not be "no bugs ever", but would be more than the "no liability at all, run at your own risk" that is the current standard. Should we allow ford to take no liability for the functioning or safety of their cars? If not, why should we allow microsoft to take no liability for the functioning or safety of their software?

Because Microsoft software quality is already in the 99th percentile, any reasonable software standards by a government body wouldn't be relevant to them.

It would be like the Indian auto-standards body hassling Tesla about safety and emissions standards on the Model S.

 

[warpus]

This is the point. There are standards that cars have to meet, and if they do not meet them you can sue the manufacturer. This is the same for ever other industry, except software (and religion). These standards would not be "no bugs ever", but would be more than the "no liability at all, run at your own risk" that is the current standard. Should we allow ford to take no liability for the functioning or safety of their cars? If not, why should we allow microsoft to take no liability for the functioning or safety of their software?

When a company or an individual hires a software developer or engineer or whoever to build software for him or them.. All what you describe is covered in the contract that is signed before the work begins. If both parties can agree to higher liability for bugs, that's great, but it will probably mean a much steeper rate from the developer. As such, this sort of thing doesn't happen very often, except for very sensitive projects, like say.. I don't know.. a military project that has "unlimited" funding and requires extra special levels of reliability.

And if you're just a dude buying a piece of software that's already been built, the end user license agreement covers all that as well. You buy the software with certain risks in mind. If you don't want them to exist, you'll have to hire a team of developers to build you such software, and you'll have to pay them appropriately, as per my first paragraph.

So what you propose already sort of exists.. the framework does, anyway.

There is a huge difference between cars and software as well. We want cars to be reliable, because if they're not, they can kill. Faulty software almost never kills or leads to injury, although it does happen, I admit. Those cases are exceptions, however.

 

[Timsup2nothin]

For the most part faulty cars don't kill either. There are notable exceptions of course (here's lookin' at you GM), but most faults in cars lead to a tow truck, not a coffin.

 

[ywhtptgtfo]

Softwares in general are much more complex than most physical commodities out there. A better comparison would be something on the scale of an airport, which are almost guaranteed to have day 0 glitches and new issues coming in on a regular basis.

And yes, I agree with warpus that "security experts" are not necessarily qualified to assess this problem unless they also have been a developer/engineer/architect for a number of years.

 

[Timsup2nothin]

As an auto designer once told me, no matter how many bolts we use to put it together it still only takes one nut to take it apart.

Point being that however complex or however simple, if it is intended for use by humans it will still not go according to plan.