US Government Bans Insecure Software

It has been announced that the US government is banning insecure software from its procurement process in a bid to improve the country’s cyber security.


1 Expert Comment
Julia O’Toole
InfoSec Expert
August 22, 2022 1:15 pm

This is a positive step forward from the US government and it highlights the country’s determination towards a secure digital future.  

The legislation will not only prohibit software that contains vulnerabilities from being used by the US government, but it will also encourage manufacturers to employ secure-by-design principles which will introduce significant security improvements.

However, what the US government must realise is that patching vulnerabilities will only address a fraction of the real problem. Yes, vulnerabilities leave holes in networks, but the preferred entry for an attacker is still using stolen employee credentials.

As a result, the US government needs to improve security by implementing encrypted access for all employees. Otherwise, they are leaving a major vulnerability within their systems, and when they do not control network access, they no longer control their data.

By encrypting access, government workers will not know their own credentials, so they can’t be phished or stolen, which provides an important layer of security while firmly closing the door on unauthorised intruders.

Information Security Buzz