"And she suggested that the government hold companies liable for selling vulnerable products that criminals and nation states later exploit in cyberattacks."
The biggest exploiters of this being the US themselves? I wonder how quickly she would be disappeared if she tried saying this to the faceless men at certain US government agencies?
"Making software "secure-by-design," and thus putting the liability on the vendors to sell safe products out of the box instead of pushing that responsibility on to consumers and businesses, is a drumbeat that CISA has been pounding under Easterly's leadership."
See my previous point, or how about when the same country wanted Apple et all to build in back doors, but make it safe at the same time?
What I will find interesting is when AI starts going through code and then starts using the same lines of code because they "just work" and are the most efficient ones to use, will someone sue about using their IP and if so, will someone grow a brain and put into law, that AI generated essential code is exempt form copyright violations, so the world can move forward and away from previous coders dodgy or lazy coding practices?