Secure Coding mailing list archives

Politics, cybersecurity, and software


From: gem at cigital.com (Gary McGraw)
Date: Wed, 18 Mar 2009 16:53:25 -0400

hi sc-l,

In our discipline we have been known to complain about developers who take little interest in the business context 
their code will exist in.  I believe we're guilty of the "same thing" when it comes to politics, the government, and 
cybersecurity.  Every once in a while, one of "us" comes along and gets involved in cybersecurity in Washington (you go 
amit), but we don't seem to stick.  The latest casualty happened this week.

http://www.technewsworld.com/story/Political-Turf-Wars-Drive-Out-US-Cybersecurity-Chief-66431.html

As I say in the article above, I'd like to see the Obama administration take a leadership role in cutting through the 
interagency politics associated with cybersecurity. There's been a real paradigm shift in commercial software security 
in the past 10 years, but the government has not made as much progress as companies like Microsoft, Google, EMC, and 
some of the major banks have (think BSIMM).  What we need is an epiphany along the lines of former Microsoft CEO Bill 
Gates' "trustworthy computing" memo of January 2002.  That was a leadership moment, and we need that for the country 
now. We also need somebody smart and knowledgeable to be appointed to carry out those activities.

Speak up, software security types, we have an opportunity to make a difference.

gem

http://www.cigital.com/~gem



