#CISA boss: Makers of insecure #software are the real cyber villains: www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains
Even calling #security holes "software vulnerabilities" is too lenient, she added. This phrase "really diffuses #responsibility. We should call them 'product defects,'" Easterly said. And instead of automatically blaming victims for failing to #patch their products quickly enough, "why don't we ask: Why does software require so many urgent patches?...
#news #technology #cybersecurity #development #economy #Update #Problem #cyberwar
David
in reply to anonymiss
You may already have read or heard this. This is Dan Geer on software mandatory reporting, net neutrality, source code liability, strike back, fall-backs and resiliency, vulnerability finding, right to be forgotten, Internet voting, abandonment, and convergence.
https://cva.unifr.ch/system/files/artifacts/media/pdf/1_11.pdf
at Black Hat 2014
David
in reply to anonymiss
Later in the talk...