If you are running an open source web framework like Django or Pylons and a security vulnerability or bug (in the framework itself) causes sensitive/private data to be leaked (for example, online banking data), who is liable?

My understanding is that big corporations tend to stay away from open source because they cannot pass on the liability to someone like Sun or MS, but I'm having trouble finding any specific information on this subject.
I've yet to see a single case where a closed source software vendor accepted liability for data loss and/or security related issues.

Do you have a documented case where you can show that a closed source software vendor was forced to cough up at least a sizable part of the damages sued for?

They all pretty much rule out stuff like that, and it would surprise me if such a case existed.

The situation is actually the reverse: because closed source gets leaked to the 'bad guys' only (by buying it off some employee with access), the chances of trouble there are a lot larger than with open source, where there is a level playing field and the bad guys have just as much access as the good guys.

So, no, you can't sue anybody in the open source scene, but you can stay current. And you probably can sue some party in the closed source scene, but the bigger question is what you'll do with the outcome of that suit.

Most likely the damages are limited to the price of the product by contract.