Harms arising from cybersecurity flaws.

Who is responsible when a cyber incident happens? Software liability describes the attempt to codify a legal standard for when a company or vendor of software might be liable to their customers or users for harms arising from cybersecurity flaws. Setting the standards around liability and designing a regime flexible enough to accommodate the astonishing diversity of software components and products and a range of stakeholders from open source developers to cyber insurers poses a daunting task for policymakers.

Projects

Software Liability

01 16 2024

Design Questions in the Software Liability Debate

by Maia Hamin, Sara Ann Brackett, and Trey Herr, with Andy Kotz

Cybersecurity Software Liability
Software Liability

07 19 2023

Why Do SBOM Haters Hate? Or Why Trade Associations Say the Darndest Things

by John Speed Meyers, Sara Ann Brackett, and Trey Herr

Cybersecurity Software Liability

Building a shared lexicon for the National Cybersecurity Strategy

Experts react: The hits and misses in Biden’s new National Security Strategy

Buying down risk: Cyber liability

The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.

learn more