You are currently viewing a placeholder content from Youtube. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.

More Information

You are currently viewing a placeholder content from Libsyn. To access the actual content, click the button below. Please note that doing so will share data with third-party providers.

More Information

In this episode of the Security Swarm Podcast, the dynamic duo Andy Syrewicze and Paul Schnackenburg discuss the software quality problem in the cybersecurity and technology industry, as highlighted by Jen Easterly, the director of CISA. They delve into the risks associated with software selection, the role of industry analysts, the importance of software stability and security over innovation, and the need for developers to focus on secure coding practices. 

One area Andy and Paul focus on are the risks associated with software selection, highlighting the importance of evaluating factors such as the software’s origin, reputation, and security features when making decisions. Andy and Paul also discuss the role of industry analysts like Gartner and Forrester, and how their focus on innovation and feature sets may not always align with the critical need for stability, security, and reliable support. 

Do you want to join the conversation? Join us in our Security Lab LinkedIn Group!

Key Takeaways: 

  • The cybersecurity industry has a software quality problem, not just a security problem. 
  • Selecting software requires careful risk assessment, considering factors like the software’s origin, reputation, and security features.

  • Industry analysts often focus on innovation and features rather than software stability and security.

  • The technology industry should reward software that is stable, secure, and operates as intended, not just the latest innovative features.

  • Developers need to be trained in secure coding practices, as many graduates lack this knowledge.

  • Understanding how threat actors could exploit vulnerabilities is crucial for developers to write secure code.

  • The software landscape is constantly evolving, and the threat landscape is changing, requiring ongoing education and adaptation.

  • Supply chain risks, such as pre-installed malware on refurbished devices, highlight the need for comprehensive security measures.

Timestamps: 

(06:04) Assessing Software Risks 

(16:50) The Analyst Approach 

(21:11) Rewarding Stability and Security 

(27:16) Secure Coding Practices in Academia 

(32:59) Developers Understanding Threat Actors 

(34:33) Supply Chain Risks 

(37:32) Valuing Stability and Security over Innovation

Episode Resources: 

Paul’s Article   Andy and Eric’s Episode on Vendor Risk     Proactively protect your organization’s email from the growing threat of software vulnerabilities and malicious attacks. 365 Total Protection provides comprehensive security for Microsoft 365, safeguarding your business with advanced threat detection, spam filtering, and email encryption. Ensure your software is secure and your data is protected with Hornetsecurity’s industry-leading 365 Total Protection.   Defend your organization against sophisticated cyber threats with Hornetsecurity’s Advanced Threat Protection, powered by cutting-edge technology. Our advanced system analyzes email content and attachments to detect and block even the most evasive malware and phishing attempts. Stay one step ahead of threat actors and protect your business with Hornetsecurity’s Advanced Threat Protection

Leave a Reply

Your email address will not be published. Required fields are marked *