Cyber Defence Library

The Liability of Software Manufacturers for Defective Products

The Liability of Software Manufacturers for Defective Products

The most effective and cost-efficient route to cyber security is the development of secure code. The fewer the vulnerabilities in computer code, the less systems can be manipulated, be it for monetary gain, espionage or system manipulation by States. Yet, construing a legal, economic and policy framework to achieve this objective has eluded the security community for over two decades.

This Tallinn Paper looks into potential problems and solutions with this regard. It argues that cyber security can only be achieved through a multi-stakeholder approach, in which each participant in today’s interconnected social construct bears a degree of responsibility. No single player in this system can be expected to carry the full burden of cyber security, or the full blame for cyber insecurity. Responsibility for enhancing the security of software must be shared between manufacturers, who release it into the market; legislators, who are in a position to impose security requirements on the manufacturers; end-users, who must keep the software applications they use up-to-date and patched; and finally also the education system, which has to support awareness among end-users.