The recent Wall Street Journal article, “Should Software Companies Be Held Liable for Security Flaws?”, presented opposing views from the former U.S. National Cyber Director and the vice president of the Information Technology and Innovation Foundation on the conflicts the software industry currently faces. There is clearly growing tension between the pursuit of competitive advantage and concern over security vulnerabilities that can disrupt a company's entire business operations. As the Biden administration takes the stance that companies should be held accountable for their security flaws and proposes legislation to that end, opponents argue that such measures may not actually prevent cyberattacks and may slow innovation.
While the industry as a whole still needs to work out how to navigate these challenges, collaboration between government and industry is a good starting point, as noted by Daniel Castro, vice president at the Information Technology and Innovation Foundation and director of its Center for Data Innovation.
Just as collaboration is needed between government and industry, it is also needed between software company security teams and code owners. Security teams already train developers to write secure code, but they need a better way to quickly identify which teams and code paths keep producing the same classes of issues, and a better way to help developers understand how and why those issues are occurring.
At Dazz, we’re helping software companies get their arms around their complex modern development landscape, using AI and automation to shed light on shadow pipelines, exploitable secrets, and code vulnerabilities. Many tools already exist to detect code vulnerabilities and misconfigurations; we’re building a platform that helps security and engineering teams close the window of exposure in hours or days instead of weeks or months. The faster and more accurately we can help software companies discover issues, find the code owners responsible, and fix vulnerabilities at their root cause, the better chance we have together of preventing security incidents, breaches, and attacks.