Sunday, 28 April 2013

SC Magazine Interview: “A lack of security development and technology transparency harms users” and the “Building a bank as fast as a restaurant” analogy

While at InfoSec last week I did an interview for SC Magazine UK that came out quite well (it’s good not to be misquoted :) ).

You can read it at http://www.scmagazineuk.com/infosec-2013-a-lack-of-security-development-and-technology-transparecy-harms-users/article/290460/

The Bank analogy was that for software/app developers (including most at InfoSec), what matters is that the app (i.e. the Bank) looks good (regardless of whether there is a vault or not).

And since it is easier and cheaper to build a bank with a great frontend but no vault (for the same cost as building a restaurant), there is very little incentive to invest in 'secure coding', since the customer cannot tell the difference (until there is a compromise, of course).