smartnuts … the world on the cabaret-style dissecting table

Makers of insecure software are the real cyber villains

M

You’re not used to hearing such strong words at snake-oil conferences. But she said them in her keynote at Mandiant’s mWise conference – Jen Easterly, head of the Cybersecurity and Infrastructure Security Agency (CISA), an agency of the US government. And not being one to take prisoners or do things by halves, she adds: „Even calling security holes ’software vulnerabilities‘ is too lenient. That phrase really diffuses responsibility. We should call them ‚product flaws…'“

And she continues: „Despite a multi-billion-dollar cybersecurity industry, we still have a multi-trillion-dollar software quality problem that leads to a trillion-dollar global cybercrime problem.“

Also very nice: „We don’t have a cybersecurity problem, we have a software quality problem. We don’t need more security products – we need more secure products.

About the author

Michael Bunzel

Michael (Mike) Bunzel (aka maschasan) is a lawyer and engineer currently living in Germany. He has been working in the field of Cybersecurity and related laws and regulations for over 25 years now.

Mike took on various roles and functions in the context of Information Security, Cybersecurity, and SCADA/Shopfloor Security at a German car manufacturer in southern Germany for more than fifteen years now - currently in the R&D resort, with focus on E/E-systems in the context of automotive cybersecurity.

Mike has worked with global organizations across dozens of countries, cultures and languages, well-travelled in EMEIA, APAC and the Americas.

All articles in this blog do NOT reflect the opinion of his employer, but are all an expression of his personal view of things.

By Michael Bunzel
smartnuts … the world on the cabaret-style dissecting table

Get in touch

Tags