Mastodawn

May 12, 2025

⚠️ UK cyber debate heats up: Should insecure software vendors be punished? YES 🏛️💥

At CYBERUK 2025, NCSC CTO Ollie Whitehouse argued vendors must face real costs for shipping insecure products, likening software to “food labelling” standards. Industry leaders from Vodafone, Mandiant, Sage, and Canada’s Cyber Centre countered that a functional market and customer choices already reward security investments.

🎯 NCSC’s view:
🛠️ Impose penalties for poor security to incentivize best practices
📜 Publish and ratify a Software Security Code of Practice

🎯 Industry’s view:
🤝 Trust customers to abandon sub-par vendors
🔍 Focus on clear guidance and robust procurement criteria

The core question remains: Will regulation or market forces deliver safer software? Market forces have failed us thus far.

#CyberSecurity #SoftwareSecurity #Governance #CYBERUK #NCSC #security #privacy #cloud #infosec
https://www.theregister.com/2025/05/12/uks_cyber_agency_and_industry/

Britain's cyber agents and industry clash over how to tackle shoddy software

CYBERUK: Providers argue that if end users prioritized security, they'd get it

The Register

Mathew J. Schwartz May 10, 2025

The U.K. government is set to replace SMS-based verification systems for digital services this year with passkeys, stored on users' phones, to shore up cyber defenses.
https://www.databreachtoday.com/uk-government-to-roll-out-passkeys-late-this-year-a-28348 #cyberuk

Mathew J. Schwartz May 8, 2025

Proliferation of artificial intelligence-enabled technology will widen access to offensive tools by nation-state groups and other hackers, with critical infrastructure a top a prime target, British cybersecurity official warns.
https://www.databreachtoday.com/uk-warns-ai-based-attacks-against-critical-infrastructure-a-28341 #cyberuk