#CISA boss: Makers of insecure #software are the real cyber villains: www.theregister.com/2024/09/20/cisa_sloppy_vendors_cybercrime_villains

Even calling #security holes "software vulnerabilities" is too lenient, she added. This phrase "really diffuses #responsibility. We should call them 'product defects,'" Easterly said. And instead of automatically blaming victims for failing to #patch their products quickly enough, "why don't we ask: Why does software require so many urgent patches?...


#news #technology #cybersecurity #development #economy #Update #Problem #cyberwar

in reply to anonymiss

You may already have read or heard this. This is Dan Geer on software mandatory reporting, net neutrality, source code liability, strike back, fall-backs and resiliency, vulnerability finding, right to be forgotten, Internet voting, abandonment, and convergence.

https://cva.unifr.ch/system/files/artifacts/media/pdf/1_11.pdf
at Black Hat 2014

in reply to anonymiss

Start watching the video at 16:44 for these points.

in reply to anonymiss

Later in the talk...

"This law will mean the end of computing as we know it," to which Paul and my considered reply is, "Well yes please. That was exactly the idea."