A security podcast geared towards those looking to better understand security topics of the day. Hosted by Kurt Seifried and Josh Bressers covering a wide range of topics including IoT, application security, operational security, cloud, devops, and security news of the day. There is a special open source twist to the discussion often giving a unique perspective on any given topic.
Episode 448 - What's wrong with CISA?
Josh and Kurt talk about a few things that have recently come out of CISA. They seem to be blaming the vendors for a lot of the problems, but there's also not any actionable advice telling the vendors what they should be doing. This feels like the classic case of "just security harder". We need CISA to be leading the way funding and defining security, not blaming vendors for giving the market what it demands.
Show Notes- iCloud Photos Downloader
- CISA boss: Makers of insecure software must stop enabling today's cyber villains
- A Security Market for Lemons
- CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities
- CISA Secure by Design Pledge
- Railroad Newsletter
- CISA Secure Software Development Attestation Form