Industry Comment – Nick Clegg's Ignorance Shines Light On Poor Software Security Hygiene

Following widespread criticism of Nick Clegg's suggestion that end-to-end encrypted messages could not be hacked, security experts have offered the comments below.

Derek believes that companies such as Facebook risk opening the door to hackers by neglecting software hygiene. Clegg's lack of understanding of the problem is typical of board-level ignorance of application security, and of the need for multiple layers of application-security practice to protect consumers from cyber-attacks.

Derek Weeks, VP and DevOps Advocate
InfoSec Expert
January 27, 2020 12:30 pm

Nick Clegg’s assertion that Jeff Bezos could not have been hacked via WhatsApp because of its end-to-end encrypted messages shows a lack of knowledge about both security and how modern applications are developed. While end-to-end encrypted apps such as WhatsApp may profess to offer “security by default,” apps are only as secure as the software they’re built on.

Without proper software hygiene, companies risk building known vulnerabilities into their applications, which hackers are quickly able to exploit – as WhatsApp found out in 2019 with the “double-free” vulnerability. This incident demonstrated why “end-to-end encryption” and traditional security measures don’t automatically equate to secure by default. Until WhatsApp starts recognising that end-to-end encryption alone is not enough – and that true application security requires multiple layers of application security practices – it leaves consumers vulnerable to cyber-attacks.

Information Security Buzz