The Lawfare Podcast

Jim Dempsey on Standards for Software Liability


The Lawfare Institute

History, Military, International Relations, Government, Constitutional Law, News, International Law, Current Events, Politics, Rule Of Law, Law, Foreign Policy, Diplomacy, National Security, Intelligence, Terrorism

4.7 (6.4K Ratings)

🗓️ 24 January 2024

⏱️ 67 minutes


Summary

Software liability has been dubbed the “third rail of cybersecurity policy.” But the Biden administration’s National Cybersecurity Strategy directly takes it on, seeking to shift liability onto those who should be taking reasonable precautions to secure their software. 

What should a software liability regime look like? Jim Dempsey, a Senior Policy Adviser at the Stanford Cyber Policy Center, recently published a paper as part of Lawfare’s Security by Design project entitled “Standards for Software Liability: Focus on the Product for Liability, Focus on the Process for Safe Harbor,” where he offers a proposal for a software liability regime. 

Lawfare Senior Editor Stephanie Pell sat down with Jim to discuss his proposal. They talked about the problem his paper is seeking to solve, what existing legal theories of liability can offer a software liability regime and where they fall short, and his three-part definition for software liability that involves a rules-based floor and a process-based safe harbor.

Support this show http://supporter.acast.com/lawfare.



Transcript


0:00.0

The following podcast contains advertising.

0:04.0

To access an ad-free version of the Lawfare Podcast,

0:08.0

become a material supporter of Lawfare at Patreon.com slash Lawfare. That's Patreon.com

0:16.4

slash Lawfare. Also check out Lawfare's other podcast offerings, Rational Security, Chatter, Lawfare No Bull, and The Aftermath.

0:30.0

If you care about the state of the world and want to set it on a better course, we have a solution that may be somewhat surprising.

0:39.0

Work in finance. At CFA Institute, our programs and courses are deeply rooted in ethical perspective.

0:46.0

But we don't just teach.

0:48.0

We create codes of conduct and impact key policy issues with global governments and regulators.

0:54.1

To join a global network of investment professionals,

0:57.2

visit CFA Institute.org slash set the standard today. So it basically says, how do you develop secure software? You, the software developer, define a risk, you identify risks, and then you address those risks, and you document what you're doing.

1:22.0

Well, if the developer lowballs a risk environment,

1:27.0

then they can lowball the controls, the security measures.

1:33.0

I'm Stephanie Pell, senior editor at Lawfare,

1:36.0

and this is the Lawfare Podcast, January 24,

1:40.0

2024.

1:41.0

Software liability has been dubbed the third rail of cybersecurity policy.

1:47.0

But the Biden administration's National Cybersecurity Strategy directly takes it on, seeking to shift liability onto those who should be taking

1:56.6

reasonable precautions to secure their software.

2:00.6

What should a software liability regime look like?

2:04.0

Jim Dempsey, a senior policy advisor at the Stanford Cyber Policy Center,

2:09.0

recently published a paper as part of Lawfare's Security by Design initiative entitled

2:15.4

Standards for Software Liability: Focus on the Product for Liability, Focus on the

...


Disclaimer: The podcast and artwork embedded on this page are from The Lawfare Institute, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of The Lawfare Institute and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
