September 19, 2024 at 08:37PM
Jen Easterly, head of the US government’s Cybersecurity and Infrastructure Security Agency, emphasizes that software vendors are to blame for cyber attacks due to shipping faulty code. She encourages the industry to stop glamorizing cyber crime and demands better quality, secure products. Easterly calls for using procurement power to pressure vendors to prioritize security.
From the meeting notes, some key takeaways are:
1. Jen Easterly, the boss of the US government’s Cybersecurity and Infrastructure Security Agency, emphasized that software developers play a significant role in cyber crime by shipping buggy and insecure code.
2. She called for a shift in language from “software vulnerabilities” to “product defects” to hold technology vendors more accountable.
3. Easterly emphasized the need for demanding more from technology vendors to address the urgent need for patches and improve software quality.
4. She highlighted the importance of making software more secure by incorporating secure-by-design principles and increasing accountability through measures like the CISA’s Secure by Design pledge.
These takeaways indicate Easterly’s focus on accountability, improving software quality, and advocating for secure-by-design principles in software development.