
How Much Liability Insurance?

This question has been rattling around in the back of my mind given the on- and off-list qt-interest conversations I’ve been having about QML and “lone wolf” development of idiot phone apps.

How much liability insurance are you carrying?

The courts are letting plaintiffs gather in bulk now and companies have started pointing the finger at software providers. You might remember Equifax tried to finger Struts only to later admit they had the patch for Struts in their possession and put off applying it for months.

Interesting read about the per-violation damages Equifax is looking at now that things are moving to court.

https://www.marketwatch.com/story/equifax-could-pay-for-data-breach-in-court-2017-09-13

How many of you releasing stuff into the wild, be it idiot phone apps or IoT software, have considered the amount of liability insurance you really need? Not just for the potential direct damages a bug in your stuff might cause a user, but for the case where, like that insecure “smart” device, or Struts in the case of Equifax, your software becomes the point where a network is breached and is now known worldwide as the software which allowed a T.J. Maxx or Equifax sized identity theft? Do you really think the company holding the data isn’t going to turn around and sue you for the damages, assuming they can’t just directly finger you and sidestep court altogether?

We as Qt developers and IT professionals in general are standing at the edge of an abyss. Automated testing won’t protect you from a failure in your program allowing a breach to happen.

You may wish to believe

“So what? My hokey little Biorhythms phone app crashed. It’s for entertainment purposes only.”

But, did it crash in such a way as to leave some form of console/terminal/inbound network access open? Why does that matter? Because your app was on the phone of a Transunion employee who was “saving their data plan” by connecting to the company network, and their phone was still connected.

You may have made the person check a “hold harmless” box before they could run your app, but, Transunion didn’t check that box and they have more lawyers than you.

I’m not the only one thinking about this.

https://www.nowsecure.com/blog/2016/11/03/mobile-app-security-risks-could-cost-you/

https://www.bbc.com/news/business-37541594

Since January is a time for resolutions and plans, this is one to contemplate. Does the lure of a fast buck with a phone app you can write on your own outweigh the risks and theoretical liability?

Roland Hughes started his IT career in the early 1980s. He quickly became a consultant and president of Logikal Solutions, a software consulting firm specializing in OpenVMS application and C++/Qt touchscreen/embedded Linux development. Early in his career he became involved in what is now called cross-platform development. Given the dearth of useful books on the subject, he ventured into the world of professional authorship in 1995, writing the first of the "Zinc It!" book series for John Gordon Burke Publisher, Inc.

A decade later he released a massive (nearly 800 pages) tome, "The Minimum You Need to Know to Be an OpenVMS Application Developer", which tried to encapsulate the essential skills gained over what was nearly a 20-year career at that point. From there "The Minimum You Need to Know" book series was born.

Three years later he wrote his first novel "Infinite Exposure" which got much notice from people involved in the banking and financial security worlds. Some of the attacks predicted in that book have since come to pass. While it was not originally intended to be a trilogy, it became the first book of "The Earth That Was" trilogy:
Infinite Exposure
Lesedi - The Greatest Lie Ever Told
John Smith - Last Known Survivor of the Microsoft Wars

When he is not consulting, Roland Hughes posts about technology and sometimes politics on his blog. He also has regularly scheduled Sunday posts appearing on the Interesting Authors blog.