Jen Easterly named the true reasons for mediocre cybersecurity.
Software developers who release products with vulnerabilities are the real culprits behind all cyberattacks. At least, that's what Jen Easterly, head of the US Cybersecurity and Infrastructure Security Agency (CISA), said at the recent mWise conference.
Easterly called on tech companies to stop releasing code with defects that pave the way for cybercriminals. She stressed that it is technology providers who create the problems that attackers then successfully exploit against their victims.
She also noted that software security flaws should not be called "vulnerabilities" but "product defects," which more accurately reflects the responsibility of developers. In her opinion, the industry should stop shifting the blame to users who do not manage to install updates in time, and start demanding better products from developers, products that do not require constant "critical patches."
Easterly drew attention to the fact that despite the billions invested in cybersecurity, the main problem lies in the poor quality of the software. She compared the situation to cars and airplanes, which no one would buy if they had to be used "at their own risk," as is often the case with software.
Speaking earlier at the RSA conference, Easterly said that reliable code is the only way to make cyberattacks rare. At the mWise conference, she reiterated that the cybersecurity industry should focus on creating secure products, not increasing the number of defenses.
Nearly 200 major market players, including Amazon, Microsoft and Google, have now joined CISA's "Secure by Design" initiative, under which companies commit to improving product security. However, Easterly stressed that so far this is only a voluntary commitment, and urged customers to use their purchasing power to demand that suppliers meet these standards.
In conclusion, the head of CISA called on organizations to be more proactive in influencing the situation by asking the right questions to suppliers and demanding more attention to security at all stages of software development.