Question using trust Driver signing

Hello,

I have some questions:

Someone legally signs their kernel driver with a legally purchased certificate and signs it with the Microsoft portal service for Windows 10.11 compatibility.
He is an amateur (confirmed) in Windows kernel driver development.

What happens if his deployed driver contains bugs making the Windows system unstable?
What happens if the use of his driver causes BSODs?
What happens if some users complain?
What happens if the developer is not able to correct system instability and BSOD bugs caused by his driver (the developer’s)?

INFO: Developing a driver becomes more and more complicated when a new Windows is deployed.

Thanks.

This is a legal question and generally none of us, especially me, are qualified to answer the question. However, the general practice is to include a license with your software that basically states that you or your corporation are not liable for damages resulting from defects in your software. This is the case for all software, all of which can have defects that can result in harm to the user.

The purpose of the digital signature is not to ensure quality. The purpose is to ensure that there is a rock-solid path toward establishing your identity for liability purposes. If you distribute an unsigned driver that causes BSODs and instability, you could always say “well, I don’t know where they got that, I didn’t produce it.” But if the package had your digital signature, then it has to be you. Those who were damaged can use the certificate chain to locate you and sue you.

Rock solid or not, a chain of identity does not indicate in any way what they can sue you for. Everything varies by jurisdiction, but generally software, especially free software, is provided as is without any warranty or guarantee of fitness for a purpose.

Certainly being sued, even when you have no culpability or liability, still sucks.