Cybersecurity and Infrastructure Security Agency director Jen Easterly has again called on private industry to develop more secure technology products, weeks after a major address at Carnegie Mellon University.
Easterly said the transition to secure-by-design will require a fundamental shift in the way technology products are developed, which will include changes to the code used to develop the software.
After meeting with students and faculty at CMU last month, Easterly is calling on universities to make security a standard element of computer science education, she said in a blog post published on Friday.
“Students need to be well-educated in security — including memory security and secure coding practices, and professors play a major role here,” Easterly wrote in a blog post. “The steps taken today at universities across the country can help accelerate an industry-wide shift toward memory-safe languages and add more engineering rigor to software development, which in turn will protect all users of the technology.”
Technology manufacturers must change the way they develop new products so that they spend less time fixing defective products. According to her, this will leave more time for innovation and growth.
- The burden of security should never fall on customers.
- Technology makers should embrace radical transparency and quickly disclose security concerns.
- Technology manufacturers should develop a roadmap showing plans for how products will be developed and updated to ensure they are secure by design and secure by default.
Easterly's speech in late February laid the groundwork for the Biden administration's release of the National Cyber Security Strategy. It serves as a comprehensive blueprint for how the government and private industry hope to deal with the rise in malicious cyber activity from both criminal gangs and nation-state adversaries.
The strategy calls for a major shift to make software developers and other manufacturers responsible for the safety and security of their products, including expectations that Congress will enact new legislation to support some type of enforcement mechanism.