On March 1st, the White House released an updated National Cybersecurity Strategy reinforcing key priorities for national cyber defense and outline of actions and policies the Administration intends to put forward. While the Strategy does break much in the way of new ground, it does articulate and reinforce policy priorities and effectively calls for a “whole of America” approach to securing our digital infrastructure and related systems and data, with a particular focus on critical infrastructure. One new concept outlined in the Strategy is to hold software vendors responsible for security vulnerabilities in their products. While an interesting concept (think “product liability”), it raises more questions than it answers. Together with top industry analysis Richard Stiennon of IT-Harvest, we have reviewed the Strategy and prepared our analysis of the policies proposed by the White House in the Policy Analysis.