NCSC and Industry at Odds Over How to Tackle Shoddy Software
Arthur T Knackerbracket has processed the following story:
So, we have a non-functional market...
That is one of the prevailing messages dished out in recent years by the National Cyber Security Centre (NCSC), the cyber arm of the British intelligence squad at GCHQ, at its annual conference. The cyber agency's CTO, Ollie Whitehouse, first pitched the idea during a keynote at last year's event, and once again it was a primary talking point of this week's CYBERUK, but not one that went down well with everyone.
Whitehouse said this week that "the market does not currently support and reward those companies that make that investment and build secure products." The risks introduced here are then shouldered by customers - companies, governments - rather than the vendors themselves.
"So, we have a non-functional market," he added.
"When we need to build an ecosystem that's capable of meeting this modern threat, we have to find ways where we can incentivize those vendors to be rewarded for their hard work, for those that go the extra mile, for those that build the secure technologies which our foundations are going to rely on in the future.
"Those that build secure technology make prosperous companies. They make celebrated companies, and they make successful companies ultimately. Because without that, nothing changes, and we repeat the last 40 years."
That's the NCSC's line - one that will most likely resonate with any organization popped by one of the myriad decades-old vulns vendors can't seem to stamp out.
But there is a disconnect between the agency's message and the views of major players elsewhere in the industry. First pitched as a necessary play for a more cyber-secure ecosystem, the agency's steadfast stance on the matter has now become a question of whether or not to intervene.
[...] McKenzie's take was that customers will ultimately drive vendor change. If they start prioritizing security, that's what vendors will give them. A string of cockups will quickly out those who don't provide value, and then it becomes a case of having to improve to survive.