One Article Review

The article:
Source Veracode
Identifier 2716617
Publication date 2021-04-29 15:20:23 (seen: 2021-04-29 20:05:33)
Title Executive Order on Cybersecurity Is Imminent: It's Been a Long Time Coming
Text Following President Biden's address to Congress last night in which he referenced cybersecurity as a priority twice, news is circulating today that the executive order on cybersecurity is imminent. This news comes as a much-awaited and long-overdue step towards creating standardization and structure around cybersecurity. Anne Neuberger, the deputy national security advisor for cyber and emerging technology, says the order will be like the National Transportation Safety Board, or NTSB, for cyber. "What can we learn with regard to how we get advance warning of such incidents," she recently told reporters. She also notes that this executive order will be a starting point that should eventually trickle down to the consumer market as well. "If we start incentivizing security, then companies, [and] the market will then inherently prioritize it because more people will buy the product," she says. From my perspective, I am happy that this topic is finally coming full circle. In 2013, Chris Wysopal addressed this very topic in a keynote at RVASec where he discussed "The Future of Government Sharing." In fact, Chris started creating awareness with the federal government 23 years ago when he and some colleagues from hacker thinktank the L0pht testified to Congress in efforts to expose the risks and threats of cybersecurity. Eight years later, I joined Chris when he launched Veracode to actually start solving the critical problem of software security; together we focused on helping developers and security teams not just find but also fix vulnerabilities in their software (developed in-house, open source or third-party purchased). Just last month on International Women's Day, I sat down with The New York Times cybersecurity reporter Nicole Perlroth and OWASP board member Vandana Verma to discuss this topic at an RSA Conference Podcast, sharing that Veracode's recent research revealed that 66 percent of applications fail to meet the OWASP Top 10 standards, meaning they have a major vulnerability. This highlights that there is work to be done and we must embed security testing into the software development lifecycle so, as developers write code, they write securely. In that discussion, Perlroth said, "We can't be trying to band-aid on these fixes after vulnerable code has already made its way to users, but also into critical infrastructure ... We need to think about security and security design from the start. We have to start bringing in security engineers from the very beginning." Part of making software more secure involves integrating security into the software development lifecycle and training developers. We should not expect secure code if we haven't established clarity on what good looks like, equipped developers with the right guidance, the right knowledge, and the right tools. The executive order has been a long time coming, and I hope it establishes what the right expectations and accountability should be. We must put structure and standardization around cyber and software security, and there are a number of great examples on how this has been done successfully. One of our customers, an educational software vendor, joined the Veracode Verified program in order to provide evidence of its security processes and
Sent Yes
Tags
Stories Uber


The article does not appear to have been picked up after its publication.


The article does not appear to have been picked up from an earlier one.