---
title: "Should Software Companies Be Held Liable for Security Flaws?"
summary: |-
  Imposing liability on software companies would likely do more harm than good. Companies would pass on those costs to customers, raising costs for everyone with no guarantee of better security.
date: "2023-06-06"
issues: ["Cybersecurity"]
authors: ["Daniel Castro"]
content_type: "Op-Eds & Contributed Articles"
canonical_url: "https://www.wsj.com/articles/should-software-companies-be-held-liable-security-flaws-d2a3f5db"
---

# Should Software Companies Be Held Liable for Security Flaws?

Whenever there is a data breach, ransomware attack or other cybersecurity incident, people want to find someone to blame, [Daniel Castro writes in The Wall Street Journal](https://www.wsj.com/articles/should-software-companies-be-held-liable-security-flaws-d2a3f5db). The obvious culprit is the attacker, often a cybercriminal or nation-state hacker. But since they often evade justice, it is easier to point the finger closer to home.

Software companies are one scapegoat. Making them liable for cybersecurity flaws has some obvious appeal. Imposing costs of security failures on them presumably would increase their incentive to fix problems proactively. But this assumes lack of financial commitment is the reason for insecure software.

[Read the full op-ed.](https://www.wsj.com/articles/should-software-companies-be-held-liable-security-flaws-d2a3f5db)




---
*Source: Information Technology & Innovation Foundation (ITIF)*
*URL: https://www.wsj.com/articles/should-software-companies-be-held-liable-security-flaws-d2a3f5db*