11 Nov 2022

The Securing Open Source Software Act Is Good, but Whatever Happened to Legal Liability?
The proposed legislation, the Securing Open Source Software Act (SOSSA), would establish federal responsibilities related to open source software security. It was approved quickly in committee by a voice vote, with no markup, and sent to the Senate. The bill comes on the heels of significant efforts by governments around the world, nonprofits in the United States, and open source's corporate beneficiaries. For advocates of a light-touch regulatory approach, SOSSA is a welcome addition to the existing regime of voluntary frameworks, industry incentives through federal contracting mandates, and encouraged but not mandatory public-private partnerships. Log4Shell shook the world, and vendors still ship insecure versions of the library, so proponents of a liability regime argue there is a serious incentive problem. Contrary to the concerns of those who fear government involvement, members of this camp also want to protect the open source community and support its sustainability.

Source: Lawfareblog