smartnuts … the world on the cabaret-style dissecting table

Makers of insecure software are the real cyber villains

M

You’re not used to hearing such strong words at snake-oil conferences. But she said them in her keynote at Mandiant’s mWise conference – Jen Easterly, head of the Cybersecurity and Infrastructure Security Agency (CISA), an agency of the US government. And not being one to take prisoners or do things by halves, she adds: “Even calling security holes ‘software vulnerabilities’ is too lenient. That phrase really diffuses responsibility. We should call them ‘product flaws…'”

And she continues: “Despite a multi-billion-dollar cybersecurity industry, we still have a multi-trillion-dollar software quality problem that leads to a trillion-dollar global cybercrime problem.”

Also very nice: “We don’t have a cybersecurity problem, we have a software quality problem. We don’t need more security products – we need more secure products.

About the author

Michael Bunzel

Michael Bunzel (aka maschasan) is a lawyer and engineer currently based in Germany. For over 25 years he has worked at the intersection of cybersecurity and the laws and regulations that govern it.

For more than fifteen of those years, Mike has held various roles in Information Security, Cybersecurity and SCADA/shopfloor security at a German car manufacturer - today in its R&D division, with a focus on E/E systems and automotive cybersecurity regulation across different markets (UN, EU, China, Korea, India, the US and others).

He has worked with global organizations across dozens of countries, cultures and languages, and is well-travelled across EMEIA, APAC and the Americas.

The articles on this blog do not reflect the views of his employer; they are his personal opinions alone.

By Michael Bunzel
smartnuts … the world on the cabaret-style dissecting table

Get in touch

Tags

Meist gesehene Beiträge