Shields Up For Software

This Article contends that the National Cybersecurity Strategy\u27s software liability regime should incorporate two safe harbors. The first would shield software creators and vendors from liability for decisions related to design, implementation, and maintenance, as long as those choices follow enumerated best practices. The second—the “inverse safe harbor”—would have the opposite effect: coders and distributors who engaged in defined worst practices would automatically become liable. This Article explains the design, components, and justifications for these twin safe harbors. The software safe harbors are key parts of the overall design of the new liability regime and work in tandem with the standard of care proposed in the National Cybersecurity Strategy. The safe harbors’ role is to provide certainty to regulated entities; to reduce the administrative costs of the new regime; and to create incentives for adopting best practices or avoiding worst ones