Security by Design
The “Security by Design” project is a multiyear initiative with the objective of creating a density of work product in the area of software design security. This project evaluates several elements of software security, from the secure-by-design and secure-by-default principles to how legal and policy processes could require or incentivize security by design from software developers. It features long-form research papers, articles, podcast interviews and documentation on these questions.
-
Investing in Rust
U.S. public policy can help facilitate market adoption of a relatively new, efficient, and safe programming language called Rust. -
Making Attestation Work for Software Security
Attestation will be part of the federal government’s software procurement process for the foreseeable future. Let’s make it work. -
Moving Slow and Fixing Things
The United States could learn from Europe’s approach to incentivizing cybersecurity. -
Standards of Care and Safe Harbors in Software Liability: A Primer
Deciphering the Biden administration’s nascent software liability efforts. -
Incentives for Improving Software Security: Product Liability and Alternatives
Tort liability is the wrong approach to improving software security; process transparency and Executive Order 14028 offer a path forward. -
Software Liability and Insurance
Insurers can bring unique evidence and legal strategies to software liability cases if the regime creates a path for subrogation. -
Questioning the Conventional Wisdom on Liability and Open Source Software
To improve cybersecurity, open source software should not be completely exempt from software liability. -
Will a Cybersecurity Safe Harbor Raise All Boats?
A private certfication model, leveraging best-in-class cybersecurity assessment and audit practices, could be bolstered by public auditors and reinforced by downstream litigation models with relatively l... -
Security by Design: An Annotated Resource List
A point-in-time effort to capture relevant government documents, guidelines, corporate practice, and analysis on the subject of security by design. -
The Difficulties of Defining “Secure-by-Design”
New survey findings and efforts to identify the most impactful security controls underscore the need for an empirical approach to defining—and promoting—security-by-design. -
It’s Morning Again in Pennsylvania: Rebooting Computer Security Through a Bureau of Technology Safety
In order to escape the computer security bootloop, Congress can create a new technology safety regulator of last resort—the Bureau of Technology Safety (BoTS). -
The Lawfare Podcast: Jim Dempsey on Standards for Software Liability
What should a software liability regime look like?