Although the complaint is at an early stage, it points to the possibility that companies manufacturing software applications could be held liable for selling defective products to consumers — in exactly the same way that auto makers have long been held liable.
The concept of software liability has long been debated. Although the internet of everything is upon us and software is eating the world, we still live our lives under license agreements that make software vendors immune to liability for damage or losses caused by defects.
As Bruce Schneier observed more than a decade ago: there are no real consequences for having bad security, or having low-quality software of any kind. Even worse, the market often rewards low quality. More precisely, it rewards additional features and timely release dates, even if they come at the expense of quality.
Maybe things are changing? Let's watch and see what happens in a courtroom in Cologne.
Also, let's remember that courts are not the only arbiters of software liability. As highlighted in this year's State of the Software Supply Chain Report, organizations that put defective software applications in front of unsuspecting members of the public are being held liable by various regulatory entities. Just a month ago, Britain's Information Commissioner's Office (ICO) -- the country's data regulator -- fined the Gloucester City Council £100,000 after a hacker exploited a well-known open source security flaw on a Gloucester City website months after the vulnerability had been publicly disclosed and fixes had been made available.