Source URL: https://developers.slashdot.org/story/24/09/20/1936214/cisa-boss-makers-of-insecure-software-are-the-real-cyber-villains?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: CISA Boss: Makers of Insecure Software Are the Real Cyber Villains
Feedly Summary:
AI Summary and Description: Yes
Summary: Jen Easterly, the head of the US Cybersecurity and Infrastructure Security Agency, emphasizes the responsibility of software developers in creating secure code. During her keynote at the Mandiant mWise conference, she criticized tech vendors for embedding vulnerabilities in their products and called for a shift in how society perceives software failures and cyber threats.
Detailed Description: Jen Easterly’s remarks at the Mandiant mWise conference shed light on the critical role software developers play in cybersecurity. The focus of her speech revolves around the following key points:
– **Accountability for Software Security**: Easterly argues that the root of many cyber vulnerabilities lies with technology vendors who create insecure products.
– **Perception of Cyber Criminals**: She challenges the way society glamorizes cybercrime, suggesting that names given to crime gangs can influence public perception. Examples she provided included names like “Scrawny Nuisance” instead of more imposing titles.
– **Terminology Around Vulnerabilities**: Easterly suggests that the term “software vulnerabilities” can diffuse the seriousness of the issue, proposing that they should be referred to as “product defects” to more accurately reflect the lack of responsibility taken by developers.
– **Patching and Software Quality**: A significant point of her address was a question posed regarding the frequency of urgent patches required for software products. She advocates for demanding better quality from technology vendors to reduce the number of vulnerabilities.
Key Implications for Professionals:
– **Increased Demand for Software Quality**: Security professionals may need to advocate for stricter standards and practices for software development to lower risks linked to poor coding practices.
– **Shift in Organizational Culture**: Organizations may need to reconsider how they view software failures – moving from blaming victims to holding vendors accountable.
– **Training and Awareness Initiatives**: Enhancing training programs for developers about secure coding practices and the significance of creating robust software can be pivotal.
In essence, Easterly’s address highlights the foundational role of software quality in cybersecurity and calls for a collective responsibility from developers to mitigate risks that jeopardize system security.