CISA boss holds speech at Mandiant's mWise conference

This speech - by the CISA boss no less - will leave some serious burn marks:

My favourite snippets:

“The truth is: Technology vendors are the characters who are building problems” into their products, which then “open the doors for villains to attack their victims,”

Even calling security holes “software vulnerabilities” is too lenient, she added. This phrase “really diffuses responsibility. We should call them ‘product defects,’”

And instead of automatically blaming victims for failing to patch their products quickly enough, “why don’t we ask: Why does software require so many urgent patches? The truth is: We need to demand more of technology vendors.”

While no one would buy a car or board an airplane “entirely at your own risk,” we do that every day with the software that underpins America’s critical infrastructure, she added.

:fire:

2 Likes

It's not a bad opinion. There is some truth to it. Call me a pessimist, but I don't think software quality will improve. Software is sometimes like those cheap IoT things, or any other cheap product. Get it out the door, and once it's sold, the money is made, why improve it? It's unfortunate, but I don't have a realistic solution, nor does she. For things to change, there would need to be very big changes to laws in the USA, and it's not going to happen.

2 Likes