posted by Fnord666 on Wednesday May 22 2019, @10:44AM
from the software-security-is-not-an-aftermarket-accessory dept.

Submitted via IRC for AnonymousLuser

Lack of Secure Coding Called a National Security Threat

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology, a cybersecurity think tank.

Rob Roy, an ICIT fellow who was co-author of the report, suggests in an interview with Information Security Media Group that an app standards body could play an important role in improving app security.

"If there were some objective standards put in place that all software would have to abide by, then we could start to make progress," Roy says. "It may just be that there needs to be an objective standard ... and a legislative mandate that requires a certain level of assurance to provide an assured product."

The "call to action" report, "Software Security Is National Security: Why the U.S. Must Replace Irresponsible Practices with a Culture of Institutionalized Security," discusses systemic issues with the software development landscape and what needs to be done to rectify the problem of negligent coding. But solving the problem won't be easy, given the problems of speed-to-market pressures and the sheer number of IoT devices being produced, the report notes.

[Ed Note - for those Soylentils that are software developers, does your company provide training/mentoring on how to develop secure software?]


  • (Score: 2) by JoeMerchant on Wednesday May 22 2019, @12:55PM (4 children)

    by JoeMerchant (3937) on Wednesday May 22 2019, @12:55PM (#846172)

    Isn't this way past the peak of the hype cycle?

    Yes, and no.

    Just saying the problem is likely to decline not increase naturally over time.

    Um... are people un-installing IoT? The IoT hype has died, but the machine rolls on. Home automation, broadscale data gathering, smart cars, smart doors, smart refrigerators... for better or for worse, these things continue to increase in numbers, while people start to notice them less: which should be a doubling of concern because people forget to question what they are giving away when they "get" a door that they can open with a swipe of their NFC phone.

    a bigger problem is people getting distracted for nothing useful at all

    While I agree, this almost sounds like a pet-peeve of the morning, not an on-topic discussion point. I blame Ajit Patal for all the SPAM calls I've been getting recently - seems like a straw-man they're trying to prop up and slay for political points.

    --
    🌻🌻 [google.com]
  • (Score: 2) by The Mighty Buzzard on Wednesday May 22 2019, @01:03PM (2 children)

    ...people forget to question what they are giving away when they "get" a door that they can open with a swipe of their NFC phone.

    Yeah, that's why I do all my own neat little IoT automation bullshit coding. At least then I know whose ass to kick over a stupid bug. And it's not like I'm going to automate anything that could go horribly wrong since I know damned good and well that sooner or later it will do exactly that.

    --
    My rights don't end where your fear begins.
    • (Score: 0) by Anonymous Coward on Wednesday May 22 2019, @02:24PM (1 child)

      by Anonymous Coward on Wednesday May 22 2019, @02:24PM (#846212)

      Yeah, that's why I do all my own neat little IoT automation bullshit coding. At least then I know whose ass to kick over a stupid bug.

      How do you kick your own ass?

  • (Score: 2) by VLM on Wednesday May 22 2019, @02:20PM

    by VLM (445) on Wednesday May 22 2019, @02:20PM (#846206)

    these things continue to increase in numbers

    Yeah, I'm having trouble finding evidence of that. Statista claims 11M fridges sold in the USA and a different report implies total smart appliance penetration in the USA after a decade of intense marketing remains a mere 3%, so figure an absolute maximum cap of 1/3 of a million new smart fridges per year. However, Wikipedia seems to imply we've been suffering under smart fridges in the marketplace for roughly a replacement cycle of cheap "big box" appliances. Also not all smart appliances are fridges. Not too unrealistic that a two decade old marketplace of smart fridges is stagnant around 1 in 1000 people's experience. I think a realistic estimate is a relatively constant half million out there operational and either committing privacy violations for corporate profit and/or being botnet members sniffing passwords.

    It's useful to make estimates like this; given they're a failure in the marketplace so far, we can assume they're off the malware radar in a sort of security thru obscurity situation. In the unlikely event they become more popular, the lack of obscurity means they'll become giant security holes once they're popular enough to be a real target.

    It's a long way from smart phone market penetration percentages, or indoor plumbing, where you can pretty much assume everyone participates.

    Compare to something like Game Of Thrones; somewhere around 29 out of 30 Americans don't watch and don't care. Yet it can be fluffed up in the marketing implied to be the defining national cultural event of our lifetimes. Just because everyone has heard stand-up comedians and internet posters joke about internet connected fridges for twenty years doesn't mean people actually own them at a rate which is significant.