Some policymakers have expressed an interest in examining the liability exemptions that software developers currently claim when hackers take advantage of flaws in their products, reports news service Inside Cybersecurity. Cybersecurity, Data Protection & Privacy partner Brian Finch believes there might be a link between that idea and ongoing efforts by lawmakers to adjust the language of the SAFETY Act so that it is clear that it applies to cyber products.

Finch thinks the SAFETY Act certification process and liability relief may be an option for software developers if policymakers start reviewing those protections.

“You could go through the SAFETY Act and get software development and patch management processes approved,” Finch told Inside Cybersecurity, adding that this is “particularly relevant for industrial control system and cybersecurity software.”

According to Finch, the existing legal protections are based on common law, not statutory immunity, which means they can change at any time, and there’s always the chance that the Federal Trade Commission could clarify responsibilities. In his opinion, the National Institute of Standards and Technology and National Telecommunications and Information Administration could provide the venue for these discussions.

“We need to put a process in place to review and patch vulnerabilities,” Finch said.

Finch told the publication that when hackers exploit products, “the most effective thing we could do immediately is have federal agencies through their buying power say that software makers are liable for damage and replacement costs.”

Citing estimates that between 1 and 5 percent of code is written with errors, Finch said, “One percent in a car is a million lines of code -- that’s a lot of places for a hacker to exploit. Getting that down is behavior you’d like to incentivize.”