Balancing Security, Innovation, and Who's Liable for Security Flaws
Published 06/30/2023
Originally published by Dazz.
Written by Julie O’Brien, CMO, Dazz.
The recent Wall Street Journal article, “Should Software Companies Be Held Liable for Security Flaws?” shared differing points of view from the former U.S. National Cyber Director and the vice president of the Information Technology and Innovation Foundation on the conflicts currently faced by the software industry. Clearly, there is growing tension between the pursuit of competitive advantage and the concerns surrounding security vulnerabilities that have the potential to disrupt a company's entire business operations. As the Biden administration takes a stance holding companies accountable for their security flaws and proposes legislation, opponents argue that such measures may not effectively prevent cyberattacks and may delay innovation.
While the industry as a whole still needs to find its way to navigate through these challenges, collaboration between the government and industry is a good starting point, as noted by Daniel Castro, vice president at the Information Technology and Innovation Foundation and director of its Center for Data Innovation.
Just like collaboration is needed between the government and the industry, collaboration is also needed between software company security teams and code owners. Security teams are already training developers on how to build secure code, but they need a better way to quickly identify repeat offenders, as well as a better way to help them understand how and why issues are occurring.
Software companies can get their arms around their complex modern development landscape using AI and automation to shed light on shadow pipelines, exploitable secrets, and code vulnerabilities. The faster and more accurately software companies can discover issues, find code owners, and fix vulnerabilities at root causes, the better chance we have together of preventing security incidents, breaches, and attacks.
Related Resources
Related Articles:
The Evolution of DevSecOps with AI
Published: 11/22/2024
CSA Community Spotlight: Nerding Out About Security with CISO Alexander Getsin
Published: 11/21/2024
A Vulnerability Management Crisis: The Issues with CVE
Published: 11/21/2024
AI-Powered Cybersecurity: Safeguarding the Media Industry
Published: 11/20/2024