Software Product Liability
Jody Armour
Watts S. Humphrey
Technical Report
CMU/SEI-93-TR-013
Voyne Ray Cox settled into the radiation machine for the eighth routine treatment of his largely cured cancer. The operator went to the control room and pushed some buttons. Soon, the machine went into action and the treatment began. A soft whir and then an intense searing pain made him yell for help and jump from the machine. The doctors assured him there was nothing to worry about. What they didn't know was that the operator had inadvertently pushed an unusual sequence of controls that activated a defective part of the software controlling the machine. He didn't die for six months but he had received a lethal dose of radiation. This software defect actually killed two patients and severely injured several others. The final decisions in the resulting lawsuits have not been made public.
Software defects are rarely lethal and the number of injuries and deaths is now very small. Software, however, is now the principle controlling element in many industrial and consumer products. It is so pervasive that it is found in just about every product that is labeled "electronic." Most companies are in the software business whether they know it or not. The question is whether their products could potentially cause damage and what their exposures would be if they did.
While most executives are now concerned about product liability, software introduces a new dimension. Software, particularly poor quality software, can cause products to do strange and even terrifying things. Software bugs are erroneous instructions and, when computers encounter them, they do precisely what the defects instruct. An error could cause a 0 to be read as a 1, an up control to be shut down, or, as with the radiation machine, a shield to be removed instead of inserted. A software error could mean life or death.