Harms arising from cybersecurity flaws.

Who is responsible when a cyber incident happens? Software liability describes the attempt to codify a legal standard for when a company or vendor of software might be liable to their customers or users for harms arising from cybersecurity flaws. Setting the standards around liability and designing a regime flexible enough to accommodate the astonishing diversity of software components and products and a range of stakeholders from open source developers to cyber insurers poses a daunting task for policymakers.


The Atlantic Council’s Cyber Statecraft Initiative, under the Digital Forensic Research Lab (DFRLab), works at the nexus of geopolitics and cybersecurity to craft strategies to help shape the conduct of statecraft and to better inform and secure users of technology.