As manufacturers race to create internet-connected everyday products, lawyers explore whether companies can be held liable for security gaps. Law360 reported on the observations of industry lawyers speaking at a Las Vegas security conference in August; many cases may be based on promises made that a product is “secure.” The lawyers, said the publication, predict a flood of lawsuits.
“Legal precedent on the issue is far from settled, but the idea of class actions succeeding based on the discovery of a security flaw alone should spook technology companies,” said Shook Partner and Data Security and Privacy Practice Chair Al Saikali.
"If courts around the country start finding that a mere vulnerability by itself is enough to create standing, that's a big risk to corporate America, because the reality is that every company is vulnerable in some way," he said.
Saikali likened security bugs to the childhood game of whack-a-mole: “You knock one out, and another one comes up.”