The Lawfare Podcast: Jim Dempsey on Standards for Software Liability
Published by The Lawfare Institute
in Cooperation With
Software liability has been dubbed the “third rail of cybersecurity policy.” But the Biden administration’s National Cybersecurity Strategy directly takes it on, seeking to shift liability onto those who should be taking reasonable precautions to secure their software.
What should a software liability regime look like? Jim Dempsey, a Senior Policy Adviser at the Stanford Cyber Policy Center, recently published a paper as part of Lawfare’s Security by Design project entitled “Standards for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor,” where he offers a proposal for a software liability regime.
Lawfare Senior Editor Stephanie Pell sat down with Jim to discuss his proposal. They talked about the problem his paper is seeking to solve, what existing legal theories of liability can offer a software liability regime and where they fall short, and his three-part definition for software liability that involves a rules-based floor and a process-based safe harbor.