Software developers who ship buggy, insecure code are the real bad guys in the cybercrime story, argued Jen Easterly, director of the U.S. government’s Cybersecurity and Infrastructure Security Agency. According to a report: “The truth is, technology vendors are the characters who build flaws” into their products, which then “open the door for villains to attack their victims,” Easterly said during a keynote address Wednesday at Mandiant’s mWise conference. Easterly also implored the audience to stop “glamorizing” criminal gangs with fancy, poetic names. How about “Scrawny Nuisance” or “Evil Ferret,” Easterly suggested.
Even calling security holes “software vulnerabilities” is too mild, she added. The phrase “really spreads responsibility. We should be calling them ‘product defects,’” Easterly said. And instead of automatically blaming victims for not patching their products quickly enough, “why don’t we ask: Why does software need so many urgent patches? The truth is: We need to demand more from technology vendors.”