Actual laws and penalties to hold software vendors liable for insecure products are at least a decade away, despite ongoing legal efforts; experts aim to spark discussions for more legal liability for vendors whose vulnerabilities lead to customer damages, with the Biden White House supporting the cause. Software developers often escape liability through licensing agreements; legal protections are lacking for customers affected by software flaws, despite efforts to establish a legal 'standard of care'. Notably, companies like Progress Software and Okta have evaded legal liability for customer losses due to vulnerable software products.

Legislation on vendor accountability for insecure software products is a long shot and a decade away

Policy expert James Dempsey advocates for carefully defined guidelines to determine reasonable cybersecurity standards for software vendors, proposing a 'safe harbor' for hard-to-detect flaws. The Biden Administration sees legislation as crucial for ensuring accountability but acknowledges it is a long-term goal. Discussions on proposed legal frameworks for software liability are set to take place at the RSA Conference, aiming to provide vendors with insights into the evolving liability landscape.
https://www.darkreading.com/cyber-risk/software-security-too-little-vendor-accountability-experts-say