Industry Comment – Nick Clegg Ignorance Shines Light On Poor Software Security Hygiene

Following widespread criticism of Nick Clegg’s suggestion that end-to-end encrypted messages could not be hacked, please find the comments below from security experts.

Derek believes companies such as Facebook risk opening the door to hackers by neglecting software hygiene. Clegg’s lack of understanding of the problem is typical of board-level ignorance of application security, and the need for multiple layers of application security practices to ensure that consumers are protected from cyber-attacks.

Expert Comments

January 27, 2020
Derek Weeks
VP and DevOps Advocate
Sonatype
Nick Clegg’s assertion that Jeff Bezos could not have been hacked via WhatsApp because of its end-to-end encrypted messages shows a lack of knowledge about both security and how modern applications are developed. While end-to-end encrypted apps such as WhatsApp may profess to offer “security by default,” apps are only as secure as the software they’re built on. Without proper software hygiene, companies risk building known vulnerabilities into their applications, which hackers are quickly able to exploit – as WhatsApp found out in 2019 with the “double-free” vulnerability. This incident demonstrated why “end-to-end encryption,” and traditional security measures, don’t automatically equate to secure by default. Until WhatsApp starts recognising that end-to-end encryption alone is not enough - and that true application security requires multiple layers of application security practices - it leaves consumers vulnerable to cyber-attacks.