A new federal strategy to make manufacturers liable for insecure software requires an attainable safe harbor policy and could be a disincentive for them in sharing important vulnerability info with the government, according to industry observers.