Legal Question in Technology Law in Virginia
internet law regarding exposing bugs in the public domain
Can a person who exposes a bug to the public domain be found liable or partially liable for damages if:
someone else uses that bug to cause damage to a particular internet company?
By bug I mean a flaw in the internet that allows someone unauthorized access to a particular system.
1 Answer from Attorneys
Re: internet law regarding exposing bugs in the public domain
The standard practice that has evolved in such cases is for the discoverer to first report the problem to the software company in order to afford it an opportunity to verify the problem and prepare a fix, prior to publishing the problem in news media (or otherwise disclosing it to the general public). Because this practice has evolved to be the standard and approved one, failure to take that approach might be actionable -- not a high probability of success, I think, since the elements of a negligence claim are (1) some duty to the injured party, and (2) unexcused failure to fulfill that duty. Here, a discoverer of a defect has no duty to the software developer, which would be a big hurdle to establishing liability. Nevertheless, a large developer might well sue anyway in order to chill such conduct by others in the future....
Best wishes,
LDWG