RVAsec 2023 has ended
Streaming: https://mssvideo.vcu.edu/RVAsec
Back To Schedule
Tuesday, June 13 • 11:00am - 11:50am
Cybernation: The FUD, Facts, and Future of Software Liability and Security

Log in to save this to your schedule, view media, leave feedback and see who's attending!

Feedback form is now closed.

When the 2023 National Cybersecurity Strategy called for “shifting liability to promote secure development practices,” the response from the security (and legal) community often overstated the novelty of the proposal. We have already been living with (various forms of) software liability for confidentiality, integrity, and availability failures for over two decades. This talk clarifies the legal landscape of both what already exists and the likely paths for the future. Cautioning against various security dystopias including Hannah Arendt’s “cybernation,” this talk offers suggestions on buildouts to existing threat modeling frameworks to explicitly consider factors used by courts and regulators to determine liability. These buildouts can better align the security team and in-house counsel in a joint defensive enterprise. But, two scaling issues will remain: the need for a technology regulator of last resort (a “TRoLR”) and a security community-driven model of professionalism.   

avatar for Andrea Matwyshyn

Andrea Matwyshyn

Professor, Law & Engineering, Penn State
Dr. Andrea Matwyshyn is a full professor in the law school and engineering school at Penn State, the Associate Dean of Innovation at Penn State Law, and the founding faculty director of both the Penn State PILOT Lab (Policy Innovation Lab of Tomorrow), an interdisciplinary technology... Read More →

Tuesday June 13, 2023 11:00am - 11:50am EDT
Ballroom A/B