Jen Easterly, Director of the US Cybersecurity and Infrastructure Security Agency (CISA), has slammed software developers for creating buggy and insecure code that leaves systems vulnerable to cyberattacks. She argued that vendors are 'building problems' into their products, and called on the industry to prioritize software quality over rapid releases.
Software developers who ship buggy, insecure code are the true baddies in the cyber crime story, Jen Easterly, boss of the US government's Cybersecurity and Infrastructure Security Agency, has argued.
"The truth is: Technology vendors are the characters who are building problems" into their products, which then "open the doors for villains to attack their victims," declared Easterly during a Wednesday
Easterly also implored the audience to stop "glamorizing" crime gangs with fancy poetic names.
How about "Scrawny Nuisance" or "Evil Ferret," Easterly suggested. Even calling security holes "software vulnerabilities" is too lenient, she added. This phrase "really diffuses responsibility. We should call them 'product defects,'" Easterly said. And instead of automatically blaming victims for failing to patch their products quickly enough, "why don't we ask: Why does software require so many urgent patches? The truth is: We need to demand more of technology vendors."
While everyone in the audience at the annual infosec conference has job security, Easterly joked, it's also the industry's role to make it more difficult for miscreants to compromise systems in the first place.
"Despite a multi-billion-dollar cyber security industry, we still have a multi-trillion-dollar software quality issue leading to a multi-trillion-dollar global cyber crime issue," Easterly lamented. While no one would buy a car or board an airplane "entirely at your own risk," we do that every day with the software that underpins America's critical infrastructure, she added.
"Unfortunately we have fallen prey to the myth of techno exceptionalism," Easterly opined. "We don't have a cyber security problem – we have a software quality problem. We don't need more security products – we need more secure products."
since she took the helm of the US cyber defense agency. She tends to bang it louder at industry events, such as the annual RSA Conference where she
Naturally, if writing flawless code was super easy, it would be done without fail. Some developers are clearly careless or clueless, leading to vulnerabilities and other bugs, and sometimes skilled humans with the best intentions simply make mistakes.
In any case, Easterly isn't happy with the current defect rate.
CISA's Secure by Design pledge – a commitment to "make a good-faith effort to work towards" seven secure-software goals within a year, and be able to measurably show their progress.
But the pledge remains voluntary, so software companies who fail to follow its guidelines – such as increasing the use of multi-factor authentication across their products and reducing default passwords – aren't going to be slapped down if they ignore it.
Easterly wants that to change. She suggested technology buyers use their procurement power to pressure software vendors, by asking suppliers if they have signed the pledge – and, hopefully, done more than just put ink to paper in terms of building
that organizations buying software can use, and questions they should ask manufacturers, to better understand if they are prioritizing security in the product development life cycle.
"Use your voice, take an active role, use your purchasing power to advance secure by design, by demanding it," Easterly urged.
And then cross your fingers and pray that more and more vendors really do begin to take things like pre-release
