What a novel idea: Making the vendors of software and software-as-a-service assume (at least some liability) for the security failures of their offerings.
This strategy document released by The White House on March 1 sets out this approach as one of its pillars. It’s refreshing to hear. It will, no doubt, raise a lot dust (and smoke).
In truth, CISA as an agency of the US Department of Homeland Security, has been chartered to address the security deficiencies in equipment manufactured and digital services since it’s inception. It’s efforts, however, seem to have been on cybersecurity threats (catching or foiling the bad guys), but not the more mundane, less dramatic blocking-and-tackling to place vendors in the spotlight as having responsibility to their consumers.
For comments on the plan, see: The High-Stakes Blame Game in the White House Cybersecurity Plan
#cybersecurity #strategy #vendor_liability
