Insecure tech is a national security risk, gov agencies warn | CPT PPP Coverage
Cryptopolytech (CPT) Public Press Pass (PPP)
News of the Day COVERAGE
200000048 – World Newser
•| #World |•| #Online |•| #Media |•| #Outlet |
View more Headlines & Breaking News here, as covered by cryptopolytech.com
Insecure tech is a national security risk, gov agencies warn appeared on www.itnews.com.au by iTnews.
Cyber security agencies in the Five Eyes nations and others are putting pressure on software vendors to improve product security and transparency.
Announcing a joint guidance late last week, four North American agencies joined with organisations in Australia, Canada, the UK, New Zealand, the Netherlands and Germany to call for software to be made “secure by design” and “secure by default”.
In a reversal of the onus the tech sector has practiced for decades, that emphasised the user’s role in keeping products secure, the joint announcement said software vendors should “take ownership of the security outcomes of their technology products, shifting the burden of security from the customers”.
“A secure configuration should be the default baseline, in which products automatically enable the most important security controls needed to protect enterprises from malicious cyber actors,” the announcement stated.
The NSA’s cyber security director Rob Joyce called insecure technology products a risk to national security as well as to individual users.
“If manufacturers consistently prioritise security during design and development, we can reduce the number of malicious cyber intrusions we see,” he added.
“The international coalition partnering on this report speaks to the importance of this issue.”
The partners also call for “radical transparency and accountability”: not only should vendors take part in vulnerability disclosure programs, “advisories and associated common vulnerability and exposure (CVE) records” should be “complete and accurate.”
As explained in the guidance document [pdf], the aim is to “break the vicious cycle of creating and applying fixes”.
Security by design is defined in the document as a product that is “built in a way that reasonably protects against malicious cyber actors successfully gaining access to devices, data, and connected infrastructure”.
“Secure-by-Default” means products are resilient against prevalent exploitation techniques
out of the box without additional charge, the guidance document said, including warning consumers if they “deviate from safe defaults”.
FEATURED ‘News of the Day’, as reported by public domain newswires.
View ALL Headlines & Breaking News here.
Source Information (if available)
This article originally appeared on www.itnews.com.au by iTnews – sharing via newswires in the public domain, repeatedly. News articles have become eerily similar to manufacturer descriptions.
We will happily entertain any content removal requests, simply reach out to us. In the interim, please perform due diligence and place any content you deem “privileged” behind a subscription and/or paywall.
CPT (CryptoPolyTech) PPP (Public Press Pass) Coverage features stories and headlines you may not otherwise see due to the manipulation of mass media.
First to share? If share image does not populate, please close the share box & re-open or reload page to load the image, Thanks!