Main Stage: Let Me Tell You a Story: Technology and the 4 Vs
Explore how the tech industry normalizes insecure software & what we can do about it. Learn why secure development practices & vendor accountability are crucial for safer products.
- The cybersecurity industry faces a software quality problem rather than a cybersecurity problem - we need more secure products, not more security products
- Common vulnerabilities like memory safety violations, cross-site scripting, and SQL injection have persisted for decades, showing a systematic disregard for secure development
- Technology vendors have normalized creating defective, insecure software by prioritizing speed to market and features over security
- The Secure by Design initiative aims to transform the industry by having vendors commit to secure development practices, with nearly 200 companies now signed to the pledge
- Organizations that procure software should demand more from vendors through their purchasing power and by asking security-focused questions during acquisition
- Unlike other industries that track and reduce defects, the software industry has accepted vulnerabilities as inevitable rather than treating them as product defects
- The industry must move away from victim-blaming (e.g., “they didn’t patch”) and focus on vendor responsibility for secure product development
- Contract language for software puts all risk on customers - a practice that wouldn’t be accepted in other industries like aviation or automotive
- Secure development frameworks and memory-safe programming languages can help eliminate entire classes of vulnerabilities
- Success requires both supply-side (vendor) and demand-side (customer) commitment to security, along with potential software liability standards