Passing a Law is the Only Way to Secure our Computers

September 29, 2022

Security legend Bruce Schneier thinks that we need a new law requiring companies to secure their systems:

We need strong regulations that force organizations to maintain good security practices. The focus must be on resilient security for the user data entrusted to the company. Government regulation should not be involved (for example) if Uber loses the source code to its phone apps or its employee Slack channel. Government regulation should be involved if Uber loses data about the rides taken by its 100 million-plus users.

Why a Law?

The market does not currently reward companies that spend resources on security. Preventing disaster is not as exciting or likely to grow users and revenue as a new feature for your app.

My Experience

Security issues are addressed as they happen or if someone brings them up. Otherwise the default options are used on most software applications. Many smaller organizations are rife with poor security practices like sharing passwords for a single account instead of making individual user accounts for each person.

Use a Password Manager

The best thing you can do to improve your own security is use a password manager like 1Password. Many organizations are paying for this for their employees. By using a different password it generates for every login, you limit the damage from a single hack.

Software Engineers Should Use Security Scanners

Companies like Semgrep offer tools that make scanning for security issues easy and can handle many languages and libraries.

Some free tools to consider:

Want to get posts like this in your email?

This work by Matt Zagaja is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.