Should Software Companies Be Held Liable for Security Flaws?
Whenever there is a data breach, ransomware attack or other cybersecurity incident, people want to find someone to blame, Daniel Castro writes in The Wall Street Journal. The obvious culprit is the attacker, often a cybercriminal or nation-state hacker. But since they often evade justice, it is easier to point the finger closer to home.
Software companies are one scapegoat. Making them liable for cybersecurity flaws has some obvious appeal. Imposing costs of security failures on them presumably would increase their incentive to fix problems proactively. But this assumes lack of financial commitment is the reason for insecure software.
