Thanks, Robert. I frankly wasn't familiar with the waiver you described. And reversing it might help to enforce accountability throughout the software supply chain.
With that said, how would you establish a balance between allowing litigation and facilitating innovation? As we have seen with healthcare (although I know this is a slightly different situation), the inability to waive the right to sue has driven costs through the roof and made innovation challenging.
I don't know the right answer here but appreciate your perspective.
The balance between risk and inspiring innovation in IT/ICS/OT/cyber should be driven by the marketplace. The biggest software vendors have had unfettered access to business and consumer markets without risk of liability or accountability. Moreover, they foist unfunded maintenance and remediation costs onto users, especially those in business and government, whenever they issue patches and updates that tend to require users to test and update legacy systems, servers and apps to work as advertised with new OS configurations. If these vendors were subject to litigation and legal accountability for defective/vulnerable software, the very risk management principles you cited in the article would tend to drive software vendors' behavior towards holistically securing their products. In the automotive industry, recalls are significant motivation to manufacturers because the entire burden of cost falls on the manufacturers. Consumers, fleet managers, and dealers are indemnified from manufacturing defects. I think the analog fits the cyber domain, and I can tell you the software industry lobby has a vise grip on Congress to retain the waiver of warranty of merchantability and fitness for use provision of the Universal Commercial Code.