The recent compromise of SolarWinds’ Orion software has resulted in a great deal of largely ineffective hand-wringing. I’ve spent more time talking about who should be held responsible for the incident than about how to mitigate the damage it causes or reduce the likelihood of a similar incident in the future.

However, it has motivated the creation of numerous new initiatives to increase the security of software by adding all sorts of additional processes and oversight to software development organizations. These efforts could yield some small, incremental benefits to software security, but they are probably doomed to achieve little more than that.

Code security is simply not a priority for some developers, and it will be very difficult to change this for much of the software currently in use. And it’s likely that even the most careful and thorough software security development practices don’t work …
