An interesting article over at CNet News discusses the liability of software makers when flaws are discovered. After a busy week plagued with Sobig.F and MSBlast.D attacks, the question has been raised once again. However, according to the article, Microsoft's security failings may draw repeated beatings in the court of public opinion, but they will likely never be tested in a court of law unless current product liability statutes are rewritten.
Problems with physical products routinely yield multimillion-dollar verdicts and settlements in litigation-happy America. But software vendors are largely protected from product defect claims thanks to unusual exemptions enshrined in typical software licenses--boilerplate known in the industry as End User License Agreements (EULAs) or "shrink-wrap" licenses, so called because they're often printed inside the shrink-wrapped box containing the product or incorporated into the software itself.
It's a complex matter overall, and in the case of last week's attacks I can't agree that Microsoft should or could be named as the party immediately responsible. Think about it: a product like Windows is extended to many different functionalities during its life span, some of which are way out of the control of the software company (not to mention irresponsible users, etc.). I won't justify them either, but once again, it's a very complex subject.