Abstract

http://ssrn.com/abstract=1010069
 
 

Citations (2)



 
 

Footnotes (361)



 


 



Tort Liability for Vendors of Insecure Software: Has the Time Finally Come?


Michael D. Scott


Southwestern Law School


Maryland Law Review, Vol. 62, No. 2, 2008

Abstract:     
Since 9/11, increased attention has been given to the security of critical national infrastructures, including transportation, finance, electric power, water supply, military, homeland security, and disaster recovery, to name but a few. These sectors are all dependent on the evolving information infrastructure, which in turn is dependent on the availability of secure software. Yet, government and industry are plagued by operating system and applications software containing myriad security vulnerabilities through which hackers and cyberterrorists can (and do) gain access to, and in many cases, take control of computer systems containing sensitive information - personal financial and medical information, corporate trade secrets and even top secret national security information.

To date courts have generally refused to find software vendors responsible for these vulnerabilities, allowing them to disclaim any liability through contractual provisions contained in software licenses. This article looks at the evolution of the software industry over the last 30 years, and the development of tort concepts during that same time period. While it may not be appropriate to apply tort law to general software, such as word processors and videogames, strong arguments can be made that current tort law can (and should) be applied to software intended to provide system and network security.

The federal government enacted the Sarbanes-Oxley Act in 2002 to deal with corporate fraud. The Act requires executives of publicly traded companies to certify that their company's computer systems are secure - under penalty of substantial fines and jail terms. Yet, the vendors who provide the software for those systems are under no obligation to certify that their software is secure.

Unless and until the government enacts legislation placing a burden on software companies to improve their software security, tort law can provide an ideal mechanism for enforcing the reasonable expectations of software licensees and users, particularly in the area of software intended to secure computer systems and networks.

Number of Pages in PDF File: 70

Keywords: software, tort, liability, negligence, product liability

JEL Classification: K13, L86, O33

Accepted Paper Series


Download This Paper

Date posted: August 27, 2007  

Suggested Citation

Scott, Michael D., Tort Liability for Vendors of Insecure Software: Has the Time Finally Come?. Maryland Law Review, Vol. 62, No. 2, 2008. Available at SSRN: http://ssrn.com/abstract=1010069

Contact Information

Michael Dennis Scott (Contact Author)
Southwestern Law School ( email )
3050 Wilshire Blvd.
Los Angeles, CA 90010
United States
Feedback to SSRN


Paper statistics
Abstract Views: 2,509
Downloads: 281
Download Rank: 60,726
Citations:  2
Footnotes:  361

© 2014 Social Science Electronic Publishing, Inc. All Rights Reserved.  FAQ   Terms of Use   Privacy Policy   Copyright   Contact Us
This page was processed by apollo4 in 0.250 seconds