In 1998, Veracode founder Chris Wysopal testified before Congress on the dangers of vulnerable software, famously reporting that he and his hacker friends could “take down the entire Internet in 30 minutes.” It took 23 years, but the government is finally responding.
The Biden administration just released an executive order on cybersecurity that includes new security requirements for vendors selling software to the U.S. government. There are also indications that these practices will make their way into the private sector. The order requires pilot programs to develop security ratings and labeling for consumer software, including IoT devices. It also mandates the creation of a Cyber Safety Review Board that will operate like an NTSB for cyber, investigating attacks and sharing information on how and why they happened.
Just as we originally built cars without thinking about safety, we started building software years ago without thinking about security. In both cases, the risk eventually became very evident, and the government got involved with regulations. Where do we go from here? This executive order is more far-reaching and prescriptive than any cybersecurity legislation we’ve seen. How will it shape the cybersecurity regulations of the future? Join our new VeraTalk with Chris Wysopal as he explores the future of cybersecurity regulations.