F-Secure comment on Biden exec order
May 2021 by Paul Brucciani, F-Secure Consultant
Following Biden’s executive order Paul Brucciani, F-Secure Consultant, shares the following words:
“I’m reading the news of President Biden’s Executive Order using Google Chrome which together with the other Google apps comprises 2 billion lines of code developed and maintained by 25,000 developers.
It is hard to write error-free code. One bug per 1000 lines of shipped code is very good going; 15-50 bugs per 1000 lines of code is the industry average. Writing secure code is harder still. It is these flaws that are used in cyber attacks to compromise the security of the target’s It.
Consider then the context in which security software is produced. There are around 3,500 cyber security companies in the world of which 1,500 have received venture funding since 2017. Their primary aim is to survive by bringing to market as fast as possible a minimum-viable product and start gaining some market share, in the hope that they are bought before they run out of cash. The cyber security market is distorted. Free market economics do not apply. It is not the best products that sell, but the best marketed ones. Until we have an objective way to verify the efficacy of cyber security solutions, no amount of extra funding, heightened actions, or protocols, will make this problem go away entirely”.