Chapter 3. Establishing Corporate Accountability
With great power comes no responsibility.
Tristan Harris during his 2019 congressional testimony
Where experiment or research is necessary to determine the presence or the degree of danger, the product must not be tried out on the public, nor must the public be expected to possess the facilities or the technical knowledge to learn for itself of inherent but latent dangers. The claim that a hazard was not foreseen is not available to one who did not use foresight appropriate to his enterprise.
Robert H. Jackson, associate justice of the United States Supreme Court (1953)
Cybersecurity can thus be described as a ‘market for lemons’ where there is an asymmetry of information between the buyer and the seller such that the seller knows of the product’s defects but does not disclose them to the buyer or may even misrepresent them to the buyer.
NSS Labs, Inc. complaint in US District Court, Northern District of California [1]
Regardless of the industry, one thing is clear. Companies do not embrace accountability on their own. It must be forced upon them.
This chapter will examine the nascent effort to bring accountability to software makers, an effort that had a rough start a few years back but received a shot of adrenaline with the White House’s release of the National Cybersecurity Strategy on March 1, 2023. We are a long way from enacting legislation to bring accountability to the software industry, according to Kemba Walden, the ...