So, how is open-source software implicated? If a commercial software product causes harm, whoever put the software on the market will soon be strictly liable. You will need to prove that your code wasn’t to blame to escape the costs. But what if you’ve embedded open-source code, used open-source tools, or called open-source APIs? Under the pending rules, you’d be liable for any errors in those sources as well, regardless of whether you directly contributed or not. A license like the one Apache provides won’t help, since state-imposed strict liability isn’t a harm that can be licensed away by private actors. The user must be made whole, and that’s on you.