There are a number of common executive cybersecurity roles today, including chief security officer (CSO) and chief information security officer (CISO), and now it's time to add one more – the chief product security officer (CPSO).
In a session on May 20 at the 2021 RSA Conference, Chris Wysopal, founder and CTO at Veracode, and Joshua Corman, chief strategist for the healthcare sector at CISA, outlined why it's time for organizations to have a chief product security officer (CPSO).
"Software trustworthiness, or rather the lack of trustworthiness, is at the forefront of everyone's mind right now," Corman said.
Corman noted that software development practices haven't properly considered the consequences of having an insecure development model. For example, during the presentation he pulled up a quote attributed to Reid Hoffman, founder of LinkedIn: "If you're not embarrassed by the first version of your product, you've launched too late." Corman emphasized that no physical engineer would say the same thing about a building or a bridge, where failure would result in the loss of life and property.
"We've learned through high-consequence failures in physical engineering," Corman said. "I'm hoping we will find our footing for what it's going to take for digital infrastructure, because as the world increasingly depends on that digital infrastructure, they increasingly are depending on you."