Episode 448
Episode 448 - What's wrong with CISA?
Open Source Security · Open Source Security
September 30, 202434m 48s
Audio is streamed directly from the publisher (traffic.libsyn.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
Josh and Kurt talk about a few things that have recently come out of CISA. They seem to be blaming the vendors for a lot of the problems, but there's also not any actionable advice telling the vendors what they should be doing. This feels like the classic case of "just security harder". We need CISA to be leading the way funding and defining security, not blaming vendors for giving the market what it demands.
Show Notes- iCloud Photos Downloader
- CISA boss: Makers of insecure software must stop enabling today's cyber villains
- A Security Market for Lemons
- CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities
- CISA Secure by Design Pledge
- Railroad Newsletter
- CISA Secure Software Development Attestation Form