[SC-L] Politics, cybersecurity, and software

Gary McGraw gem at cigital.com
Wed Mar 18 15:53:25 EST 2009


hi sc-l,

In our discipline we have been known to complain about developers who take little interest in the business context their code will exist in.  I believe we're guilty of the "same thing" when it comes to politics, the government, and cybersecurity.  Every once in a while, one of "us" comes along and gets involved in cybersecurity in Washington (you go amit), but we don't seem to stick.  The latest casualty happened this week.

http://www.technewsworld.com/story/Political-Turf-Wars-Drive-Out-US-Cybersecurity-Chief-66431.html

As I say in the article above, I'd like to see the Obama administration take a leadership role in cutting through the interagency politics associated with cybersecurity. There's been a real paradigm shift in commercial software security in the past 10 years, but the government has not made as much progress as companies like Microsoft, Google, EMC, and some of the major banks have (think BSIMM).  What we need is an epiphany along the lines of former Microsoft CEO Bill Gates' "trustworthy computing" memo of January 2002.  That was a leadership moment, and we need that for the country now. We also need somebody smart and knowledgeable to be appointed to carry out those activities.

Speak up, software security types, we have an opportunity to make a difference.

gem

http://www.cigital.com/~gem



