
How Much Liability Insurance?

This question has been rattling around in the back of my mind given the qt-interest on- and off-list conversations I’ve been having about QML and “lone wolf” development of idiot phone apps.

How much liability insurance are you carrying?

The courts are letting plaintiffs gather in bulk now and companies have started pointing the finger at software providers. You might remember Equifax tried to finger Struts only to later admit they had the patch for Struts in their possession and put off applying it for months.

Interesting read about the per-violation damages Equifax is looking at now that things are moving to court.

https://www.marketwatch.com/story/equifax-could-pay-for-data-breach-in-court-2017-09-13

How many of you releasing stuff into the wild, be it idiot phone apps or IoT software, have considered the amount of liability insurance you really need? Not just for the potential direct damages a bug in your stuff might cause a user, but for the case where your software, like that insecure “smart” device or, in the case of Equifax, Struts, becomes the point where a network is breached and is now known worldwide as the software which allowed a T.J. Maxx or Equifax sized identity theft? Do you really think the company holding the data isn’t going to turn around and sue you for the damages, assuming they can’t just directly finger you and sidestep court altogether?

We as Qt developers and IT professionals in general are standing at the edge of an abyss. Automated testing won’t protect you from a failure in your program allowing a breach to happen.

You may wish to believe:

“So what? My hokey little Biorhythms phone app crashed. It’s for entertainment purposes only.”

But did it crash in such a way as to leave some form of console/terminal/inbound network access open? Why does that matter? Because your app was on the phone of a TransUnion employee who was “saving their data plan” by connecting to the company network, and their phone was still connected.

You may have made the person check a “hold harmless” box before they could run your app, but TransUnion didn’t check that box and they have more lawyers than you.

I’m not the only one thinking about this.

https://www.nowsecure.com/blog/2016/11/03/mobile-app-security-risks-could-cost-you/

https://www.bbc.com/news/business-37541594

Since January is a time for resolutions and plans, this is one to contemplate. Does the lure of a fast buck with a phone app you can write on your own outweigh the risks and theoretical liability?