Stanford’s Dempsey calls for mix of legislation and standards to establish software liability protections

Establishing liability protections for software manufacturers can be accomplished by creating a rules-based “floor” for software security and a process-based “safe harbor” to incentivize secure development practices, according to Stanford Cyber Policy Center’s Jim Dempsey.

Dempsey proposes a legislative solution in a new paper “that would be implemented by regulatory action drawing upon real-world observations of common and routinely exploited software flaws” to establish the floor, alongside the creation of “technical standards for secure software development” to establish process-based...