Top Government Officials Say Software Providers Should Bear Liability for Insecure Code

The Atlantic Council hosted a discussion between four senior government officials on the implementation of the White House’s National Cybersecurity Strategy.

The panelists at the event were Jen Easterly, the director of the Cybersecurity and Infrastructure Security Agency and a 2023 Wash100 winner; Kemba Walden, the acting national cyber director; Nathaniel Fick, the Department of State’s ambassador for cyberspace and digital policy; and Marshall Miller, the Department of Justice’s principal associate deputy attorney general.

In line with a core principle of the National Cybersecurity Strategy, Easterly and Walden agreed that accountability for flawed software code should not fall to end users. According to the CISA director, encouraging safety-first software design means that developers should be held responsible for following best practices.

Miller highlighted ongoing Justice Department efforts to enforce new contracting and procurement rules with a focus on ensuring that software vendors disclose cyber incidents and technical deficiencies, Nextgov reported Thursday.