Open Source Programmer’s Insurance
Slashdot rejected my question submission, so I’ll write about it in my blog and see if anyone is interested in answering it.
I have insurance, but I want exactly the RIGHT insurance. My insurance agent says that what I have may very well cover what I do, but is hunting high and low for insurance that will explicitly rather than implicitly cover both the design AND the programming portions of my business without making me broke. All she’s finding are either policies with specific exclusions for web programming, or policies that are exceptionally expensive.
The problem is that every programmer is being lumped together. That means that programmers working on the stock exchange big bucks applications with billions of dollars in transactions a day at risk are being lumped in with small-time web programming outfits like mine. I’m a programmer on the PmWiki project, and I create custom plug-ins for PmWiki for clients before contributing what I can back to the project, or accept bounties for plug-ins made directly available to the general public. I’ve also made alterations to other plug-ins for other open-source projects, and I’m creating an open source project or three of my own.
Now, I am not belittling the risks to my customers. I know that their business is everything to them, and that’s why I’m looking for insurance. But I don’t play with the big boys and my customers are not forking over the big bucks to cover the overhead I would have to pass along to my customers to cover the big insurance policies.
If I’m installing ZenCart, and ZenCart has a bug, am I covered? I never touched the back-end of the program, but of course every application — open source or otherwise — has inherent bugs and risks. I trust open source because the bugs are squished in a timely manner and I don’t have to pay for upgrades. Would all those policies with programming exclusions cover this?
When a policy excludes programming, I see there being a really fuzzy line between “web design” and “web programming”. Certainly there’s a point at which something is very clearly web programming, but is it programming if I create a script that processes a webform to email the results to my client? Is it programming if I’m creating JavaScript DHTML DOM alterations? What about when I’m working on a design for a Smarty template? There’s pseudocode and even PHP code in there, but it’s all about the design.
In any case, what I want to know from my fellow collaborators in the world is:
What, if anything, do you do about insurance for your web application or programming company?
Do you have any suggestions for underwriters for open source programmers?
If you aren’t insured, have you even considered being insured?

I never gave any thought to insurance. I simply release liability since I did not write the program. I comfort customers with knowing that I am available for support.
Comment by JM — December 6, 2006 @ 11:00 am
Hi, JM –
Forgive my rant
I could do what you’re talking about if someone came to me and said “Hi, I have OSCommerce installed, and I need something customized.”
I’d ring the appropriate warning klaxons, that in that program anything customized breaks the package, yadda yadda, and go to it because while poorly programmed, I “get” (as in “understand”) OSCommerce and can customize it.
However, I’m not just in the business of programming. I’m in the business of making suggestions.
People with all types of familiarity with technology come to me with needs and ideas. Often the familiarity is zero, and the need is vague. I try to ask the right questions, find good answers. I’d probably be liable if I gave bad advice. Say I suggested ZenCart, installed it, and something was vulnerable. Who is liable? In this world full of lawsuits, the first thing people do is point fingers and try to place blame. Ok, maybe it’s the second or third thing, but it’s up there on the list. Followed closely by getting restitution, now in the form of money instead of cows and daughters…
I can’t blame my client for ignorance or following my advice: we all have no choice whatsoever but to defer to people with expertise in the fields we don’t know. I doubt there’s a person in the world who can cobble their own shoes, grow and mill their own grain, slaughter their own meat, weave their own clothes from fibers, create chips to solder together to build their own computer, create the CPU, video card, and RAM from scratch in their backyard lab, program their homemade OS, and program their own World of Warcraft to while away their time and decompress.
In technology this is perhaps more true than most other fields. We absolutely must defer judgement to others about security, programming decisions, operating system features, etc. — even if we have choices, our choices are limited. Can the same person know all the programming languages, all the hardware idiosyncrasies, how to deal with every aspect of the Internet, administer every type of server, and use every software package out there? I’d hazard to say no. So we all depend on others to take care of some aspect of our technological lives. Yeah, we can install any of dozens of flavors of Linux, but even the time we need to take to research which one is a precious waste (see other posting about time: http://www.eclectictech.net/etblog/2006/06/08/thank-you-for-your-time-2/).
I made the decision NOT to be a web hosting service. I have my own static IP — could get a few more if I wanted, I can build and maintain my own servers, I can configure them, harden them, etc. I decided NOT to because I didn’t want the liability — being in charge of the security was my biggest stumbling block. There’s no way I can financially compete with GoDaddy et al. so I defer to others to host websites instead of me. For some reason many design firms think they need to host. Many of the businesses that do general IT and take viruses off Windows PCs think they need to do web design. In this huge field, people can’t be satisfied to specialize a bit? I often consider taking my own advice on that one. As soon as I figure out what I’m best at being paid for, I might.
I used to say I did Mac support, sometimes people ask me about it and ask whether I do it — it’s on the business cards, it’s on the bottom of my site (I haven’t changed it yet — I’m still thinking of what to put there instead). I’m thinking about whittling out those services. I can’t keep on top of web design, especially now that the buzz has started on Web 3.0 when I haven’t fully caught up on 2.0 (and I know it’s hype, so I’m not THAT concerned), and also keep up on the Intel Mac, dual boot support, Parallels, the changes to software packages, etc. Something has to lose, and more people want my web programming and design expertise. I’m specializing in custom self-service websites. That is a niche that causes me to stand out head & shoulders above my “local competitors”.
Sure, anyone else can dish out open source programs, template them, customize the app, customize the design, etc. but to further separate me from the competitors, how many are female and in Orange County New York? Even if I had a male competitor living next door, he has to hustle to keep up with me in the local business community, and I can play up my unfair advantage by joining women’s networking groups. So I do. And the first female PHP/MySQL programmer doing the same thing to walk into those groups is going to be my best friend if she’ll let me. I could use someone to gripe at that is in my situation, we could subcontract to each other, brainstorm together, write open source packages together….. sheesh, we could team up for a business partnership if we like each other enough. Then I’ll ask her to marry me….
Back to insurance:
I make suggestions, and I program custom add-ons or alterations to open source packages. Even if I only did installations or “flat” html, “without warranty”, and had it signed in writing, nothing is going to stop Mr. Ticked Off Customer from trying, and defense in court is ugly. I’m getting somewhat higher profile customers, I want to be covered.
Also, even if something I programmed in PmWiki wasn’t specifically for the customer, but I installed my own plug-in for the app on someone’s server for them, paid for installation not code writing, and the plug-in caused a problem…
Or if someone else voluntarily installs my plug-ins on their computer….
Am I covered?
What if you did a lousy job at support? If you should have installed a security plug-in for them, but didn’t even think of it. Is that neglect?
We’re liable the moment we set ourselves up as “experts” at something. People trust us. I just want to find out if anyone’s covered.
Good luck!! Thanks for reading and responding!!
Crisses
Comment by Crisses — December 6, 2006 @ 11:56 am