Skip to main content
close search
site logo

Shift to secure-by-design must start at university level, CISA director says

Jen Easterly, just weeks after a speech at Carnegie Mellon University, says secure coding and memory safety should be incorporated into computer science curriculum.

Published March 13, 2023
David Jones's headshot
Reporter
CISA Director Jen Easterly speaks at Carnegie Mellon University urging the tech industry to embrace secure-by-design product development.
CISA Director Jen Easterly speaks at Carnegie Mellon University urging the tech industry to embrace secure-by-design product development. Permission granted by Carnegie Mellon University

Cybersecurity and Infrastructure Security Agency Director Jen Easterly, renewed calls for private industry to develop more secure technology products, weeks after a major address at Carnegie Mellon University

The transition to secure-by-design will require a major shift in how technology products are developed, Easterly said, and that will include changes in the code used to develop software. 

After meeting with students and faculty at CMU last month, Easterly is calling on universities to include security as a standard feature in computer science coursework, she said in a blog post released Friday.  

“Students need to be well educated on security – including on memory safety and secure coding practices, and professors have a major role here,” Easterly wrote in the blog post. “Steps taken today at universities around the country can help spur an industrywide change towards memory safe languages and add more engineering rigor to software development which in turn, will protect all technology users.”

Tech manufacturers need to change the way they develop new products so less time will be spent fixing defective products. This will leave more time for innovation and growth, she said. 

  • The burden of safety should never fall on customers.
  • Tech manufacturers should embrace radical transparency and quickly disclose safety concerns.
  • Tech manufacturers should lay out a road map showing plans for how products will be developed and updated to make sure they are secure-by-design and secure-by-default.

The Easterly speech in late February laid the groundwork for the release of the Biden administration’s National Cybersecurity Strategy. It serves as a comprehensive blueprint for how government and private industry hopes to tackle the rise of malicious cyber activity from both criminal gangs and nation-state adversaries. 

The strategy calls on a major shift to hold software developers and other manufacturers accountable for the safety and security of their products, including the expectation that Congress will enact new legislation to support some type of enforcement mechanism

Editors' picks

Company Announcements

View all | Post a press release
CUSO Financial Services, LP Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
Traceable Releases 2025 State of API Security Report: API Breaches Persist as Fraud, Bot Attac…
From Traceable AI
October 30, 2024
Mystic Valley Elder Services Data Breach Investigation
From Migliaccio & Rathod LLP
October 31, 2024
TrustNet Named 2024’s Best Compliance Advisory and Audit Firm at CDM’s Annual Top InfoSec Inno…
From TrustNet
November 06, 2024
Editors' picks
Latest in Strategy
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell