The Liability of Software Manufacturers for Defective Products

Editor’s Note: The following is a brief excerpt from a peer reviewed publication. The complete article is attached here.


by Liis Vihul, Researcher, NATO Cooperative Cyber Defence Centre of Excellence

By contrast, if penetration testing were a legal requirement, and an end-user suffered harm as a result of the manufacturer’s failure to comply with the norm, the manufacturer would be liable for the resulting loss. Of course, any such approach must be informed by technological and economic reality, and therefore requires careful consideration prior to adoption. But setting specific obligations out in legislation, as opposed to basing them only on industry initiative and thus leaving compliance subject only to industry scrutiny, would also open the door to administrative oversight by the State, and allow for appropriate sanctions in the case of noncompliance. The State is a much more powerful and effective guarantor of national cyber security than individual end-users, who are primarily concerned with the functionality of software programs in support of their everyday activities.
