You’re not used to hearing such strong words at snake-oil conferences. But she said them in her keynote at Mandiant’s mWise conference – Jen Easterly, head of the Cybersecurity and Infrastructure Security Agency (CISA), an agency of the US government. And not being one to take prisoners or do things by halves, she adds: „Even calling security holes ’software vulnerabilities‘ is too lenient. That phrase really diffuses responsibility. We should call them ‚product flaws…'“
And she continues: „Despite a multi-billion-dollar cybersecurity industry, we still have a multi-trillion-dollar software quality problem that leads to a trillion-dollar global cybercrime problem.“
Also very nice: „We don’t have a cybersecurity problem, we have a software quality problem. We don’t need more security products – we need more secure products.