Oct 31, 2019
All links and images for this episode can be found on CISO
We've been at this cybersecurity thing for a long time. Are
products improving their security? A recent study says they
out this tweet and the ensuing discussion for the information
on the study and the concerns people have about the history of poor
security in consumer-grade networking products.
This episode is co-hosted by me, David Spark (@dspark), the
creator of CISO Series, and Allan Alford (@AllanAlfordinTX). Our
guest for this episode is Michael L. Woodson (@mlwoodson), CISO, MBTA.
Networks, the global cybersecurity leader, is shaping the
cloud-centric future with technology that is transforming the way
people and organizations operate. By delivering an integrated
platform and empowering a growing ecosystem of partners, we are at
the forefront of protecting tens of thousands of organizations
across clouds, networks, and mobile devices.
On this episode of Defense in Depth,
- We focus our conversation mostly on consumer products, most
notably networking, which was the focus of the relevant study.
- Some basic measurements of security such as stack guards and
buffer overflow protection showed no noticeable improvement.
- Margins are so slim on consumer products that manufacturers are
put in a bind. They can't overcharge and stay competitive, so they
have to underdeliver, and often security protections are cut as a
- People accept the failures of cybersecurity products by just
accepting the end-user license agreement (EULA).
- Be very careful with these agreements. Often a vendor will make
outrageous claims like saying they own the data.
- When we have security incidents, companies are not blamed or
- What type of pressure would need to be put on manufacturers to
get them to improve security? Will it have to be standards,
regulations, or government regulations?