I like this proposal by Derek Bambauer and Melanie Teplinsky for imposing responsibility on software development:<\/p>\n
\nAs part of the\u00a0National Cybersecurity Strategy<\/a>, the Biden administration seeks to \u201cdevelop legislation establishing liability\u00a0for software products and services,\u201d which would include \u201can adaptable safe harbor framework to shield from liability companies that securely develop and maintain their software products and services.\u201d We propose that this software liability regime incorporate one safe harbor and one \u201cinverse safe harbor.\u201d\u00a0\u00a0The first would shield software creators and vendors from liability if they follow enumerated best practices in design, development, and implementation. The second\u2014the inverse safe harbor, or sword\u2014would automatically impose liability on developers who\u00a0engage in defined worst practices<\/a>. The safe and inverse safe harbors will provide certainty to regulated entities, reduce administrative costs, and create incentives for improving security. This article describes the twin safe harbors, their policy goals, and the key design criteria for their success.\u00a0[Lawfare<\/strong><\/a>]<\/em><\/p>\n<\/blockquote>\n
OK, so I don’t much care for the terminology. Positive ‘safe harbor,’ sure. ‘Inverse safe harbor’? No. How about ‘poison pill,’ ‘irresponsible,’ or ‘your greed blinds you to everything’?<\/p>\n
I’ll think on it, yeah.<\/p>\n","protected":false},"excerpt":{"rendered":"
I like this proposal by Derek Bambauer and Melanie Teplinsky for imposing responsibility on software development: As part of the\u00a0National Cybersecurity Strategy, the Biden administration seeks to \u201cdevelop legislation establishing liability\u00a0for software products and services,\u201d which would include \u201can adaptable safe harbor framework to shield from liability companies that securely \u2026 Continue reading