CISA Head Demands Tech Vendors Shape Up

Jen Easterly, Director of the United States Cybersecurity and Infrastructure Security Agency (CISA), did not mince her words when she said that sloppy technology vendors are the ones building "problems" into their products, which "open the doors for villains to attack their victims." She opined that the industry needs to change its terminology and bluntly call "software vulnerabilities" what she feels they are: "product defects." Speaking at a conference, the CISA boss also voiced her dislike for "glamorizing" threat actors with poetic names, preferring to bring out their villainy with less likable names like "Scrawny Nuisance" or "Evil Ferret."

"Despite a multi-billion-dollar cyber security industry, we still have a multi-trillion-dollar software quality issue leading to a multi-trillion-dollar global cybercrime issue," Easterly said. She prescribed that technology buyers use their procurement power to pressure software vendors, by asking suppliers if they have signed the pledge of building secure-by-design products. Read more about this story on our LinkedIn page
