Cybersecurity Showdown: Should We Reward or Roast Vendors for Insecure Products?
The NCSC’s secure software code aims to provide vendors with the tangible evidence needed to demonstrate their commitment to security. With international ratification, these standards will allow customers worldwide to make informed security choices. Because let’s face it, we should know more about our software than our sausages!
Hot Take:
Why fix a broken market when you can just keep selling duct tape? That seems to be the gist of the cybersecurity industry’s response to NCSC’s call for accountability. Meanwhile, GCHQ’s cyber arm is trying to convince vendors to take a leaf out of Volvo’s book and sell us security that doesn’t crash and burn at the first sign of trouble. Maybe it’s time we start treating cybersecurity like a game of whack-a-mole: every time a vendor ships buggy software, they get a bop on the head. Now that’s a market intervention I can get behind!
Key Points:
- The NCSC argues for market intervention to incentivize vendors to prioritize security.
- Industry leaders are divided on whether vendors ignore security for profit.
- There’s a call for punishing vendors who ship insecure software, not just rewarding those who do better.
- Insurance companies could play a role in setting security standards.
- The NCSC is working on international standards to hold vendors accountable.