The Lawfare Podcast

Jim Dempsey on Standards for Software Liability

Jan 24, 2024

Jim Dempsey, Senior Policy Adviser at Stanford Cyber Policy Center, discusses the proposal for a software liability regime to shift liability onto those who should be securing their software. Topics include legal theories of liability, process-based safe harbor, certification approach, defining software liability standards, design flaws and liability, and the need for quick action in policy-making.

01:04:22

Creator website

Episode guests

Jim Dempsey

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The proposed software liability regime suggests a rules-based approach to establish per se liability for specific flaws, incentivizing developers to eliminate them and improve software security.

To address the complexity of software, a liability regime should also cover design flaws, adopting a defects analysis approach to determine liability for flaws that may not be explicitly listed but are considered unreasonably dangerous.

Deep dives

Defining the Floor: Minimum Standard of Care for Software

The proposed liability regime for software development starts with a rules-based approach to define a floor, which sets the minimum legal standard of care for software. This floor focuses on specific product features or behaviors that should be avoided, such as default passwords, path traversal, and buffer overflow. By identifying these known weaknesses and flaws commonly exploited by attackers, liability can be attached if a product includes these flaws. The goal is to create per se liability for these specific flaws, incentivizing developers to eliminate them and improve software security.

Introduction

3min

Software Liability and the Standard of Care

24min

Exploring Standards for Software Liability

6min

Approach of Certification in Software Liability

16min

Defining Software Liability Standards and the Role of Sissa

2min

Design Flaws and Liability in Software

12min

The Need for Quick Action and Incremental Progress in Policy-Making

3min

Software liability has been dubbed the “third rail of cybersecurity policy.” But the Biden administration’s National Cybersecurity Strategy directly takes it on, seeking to shift liability onto those who should be taking reasonable precautions to secure their software.

What should a software liability regime look like? Jim Dempsey, a Senior Policy Adviser at the Stanford Cyber Policy Center, recently published a paper as part of Lawfare’s Security by Design project entitled “Standards for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor,” where he offers a proposal for a software liability regime.

Lawfare Senior Editor Stephanie Pell sat down with Jim to discuss his proposal. They talked about the problem his paper is seeking to solve, what existing legal theories of liability can offer a software liability regime and where they fall short, and his three-part definition for software liability that involves a rules-based floor and a process-based safe harbor.

Support this show http://supporter.acast.com/lawfare.

Hosted on Acast. See acast.com/privacy for more information.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

The Lawfare Podcast

Jim Dempsey on Standards for Software Liability

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Defining the Floor: Minimum Standard of Care for Software

Analyzing Design Flaws for Liability

Safe Harbor and Process-Focused Liability

Incremental Progress and Balancing Perfection

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

The Lawfare Podcast

Jim Dempsey on Standards for Software Liability

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Defining the Floor: Minimum Standard of Care for Software

Analyzing Design Flaws for Liability

Safe Harbor and Process-Focused Liability

Incremental Progress and Balancing Perfection

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights