"Well, they’ve done it. The Biden administration’s new National Cybersecurity Strategy takes on the third rail of cybersecurity policy: software liability. For decades, scholars and litigators have been talking about imposing legal liability on the makers of insecure software. But the objections of manufacturers were too strong, concerns about impeding innovation were too great, and the conceptual difficulties of the issue were just too complex. So today software licenses and user agreements continue to disclaim liability, whether the end user is a consumer or an operator of critical infrastructure. With this new strategy, the administration proposes changing that."