This post was originally posted on GitHub Community, but the site is moving to GitHub Discussions.
I have a question for the GitHub Community: Is there a license out there that reassures the world that a dev’s software (e.g. library) will not be used to cause collateral damage (e.g. black-hat hacking)? For (a hypothetical) example, a library developer - let’s call him Bob - is developing C++ source code that makes it easy for other developers to access files in an OOP style; he applies an open source license (MIT for example) to his library. Then a cyber attacker - let’s call her Mallory - gets hold of Bob’s library, and she uses it in malware that ends up infecting a critical network that stores confidential info, and deleting all of the files on every computer in that network. Bob sees this on the news (not knowing that it was Mallory who hacked the network), and he starts to think:
I hope the hackers didn’t use my library.
I am hoping to publish my own library, but I don’t want to be put in a similar scenario to Bob’s, as the implications could be very impactful; although there are licenses that protect developers from being sued, it could impact their morale, as they know they are enabling hackers to do more harm. This is why I am looking for a license that can reassure the world that a dev’s software will not be used to cause collateral damage.
I hope this question spurs a (civil) conversation in the comments, and/or this will enable organizations like MIT, GNU, Apache, Mozilla and the Open Source Initiative to create a new kind of license (and redefine the term “Open Source”) that will prevent collateral damage in the first place.