Why are there cybersecurity defects?
A Bit of Security for February 14, 2024
Security defects are a subset of code defects. If we wrote higher quality code, we’d have fewer code defects, and as a side effect, we’d have fewer security holes. My first hire into the information security group at Gartner asked me, after her first year on the job, “Why are there security holes?” If the code were better there wouldn’t be any, and if people were aware of cons, the social engineering side would vanish as well. And there wouldn’t be any more security market because there wouldn’t be any more security problems.
My thinking has evolved since this recording - I am now convinced that there are two reasons for information security problems:
1. Code defects that allow unauthorized individuals to access information or processes they should not.
2. Poor interface design that guides users into making poor decisions.
If a software product leads me to make a mistake, that is not my fault - that's the designer's fault. If we allowed software product liability lawsuits, vendors would make their products much more reliable.