Insecure software vendors are the real cyber villains – CISA


Software developers who ship buggy, insecure code are the real villains in cybercrime history, according to Jen Easterly, director of the US government's Cybersecurity and Infrastructure Security Agency.

"The truth is: Technology vendors are the characters who build problems" into their products, which then "open the doors for bad guys to attack their victims," Easterly explained during a Wednesday keynote speech at Mandiant's mWise conference.

Easterly also pleaded with the audience to stop "glamorizing" criminal gangs with fancy poetic names. How about "Scrawny Nuisance" or "Evil Ferret," suggested Easterly.

Even calling security holes "software vulnerabilities" is too indulgent, she added. This phrase "really diffuses responsibility. We should call them 'product defects,'" Easterly said. And instead of automatically blaming victims for failing to patch their products quickly enough, "why don't we ask: Why does software require so many urgent patches? The truth is: We need to demand more from technology providers."
