Rather than use the product liability screwdriver as a chisel, why not consider a package of more effective tools. Corporations and individuals that market software despite knowledge of software security flaws should face criminal prosecution as well as civil lawsuits with punitive damages. Perhaps bounties should be available for the first to discover and establish the existence of a security flaw. Publishers should be required to post to the Web and otherwise publicize promptly patch availability. The software equivalent of an Underwriters Laboratories should establish and constantly improve security-related standards and testing protocols. It should be made readily apparent whether a program has passed and at what level. Prospective customers should be educated and encouraged to insist on software that has passed. Stronger software security is important. Software developers and publishers must do better. But product liability is not the right legal tool for the job.