It has been announced that the US government is banning insecure software from its procurement process in a bid to improve the country’s cyber security.
This is a positive step forward from the US government and it highlights the country’s determination towards a secure digital future.
The legislation will not only prohibit software that contains vulnerabilities from being used by the US government, but it will also encourage manufacturers to employ secure-by-design principles, which will introduce significant security improvements.
However, what the US government must realise is that patching vulnerabilities will only address a fraction of the real problem. Yes, vulnerabilities leave holes in networks, but the preferred entry for an attacker is still using stolen employee credentials.
As a result, the US government needs to improve security by implementing encrypted access for all employees. Otherwise, they are leaving a major vulnerability within their systems, and when they do not control network access, they no longer control their data.
By encrypting access, government workers will not know their own credentials, so they can’t be phished or stolen, which provides an important layer of security while firmly closing the door on unauthorised intruders.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides expert comments, analysis and opinion on the latest information security news and topics.