Security News > 2022 > May > Software patching must work like car safety recalls, says US cyber boss

Software made unsafe by dependencies should be fixed without users needing to interact with the source of the problem, according to US National Cyber Director Chris Inglis, who serves in the Executive Office of the President.

Speaking to The Register at the Black Hat Asia conference in Singapore on Friday, Inglis said that when a faulty component in a car needs to be replaced, the manufacturer who chose that component takes responsibility for securing safe parts and arranging their installation.

Inglis wants vendors to take responsibility for their choices so that addressing security issues is easier and users' systems - and the US - can achieve better resilience with less effort.

Inglis told The Register more regulation is coming, and while he wants watchdogs to have the "Lightest possible touch," he also hopes to impose a "Capital cost" on businesses to ensure they invest to improve their capabilities.

Inglis feels such efforts are essential because no entity knows or understands everything it needs to improve its information security.

The US's efforts are improving thanks to the work of the Joint Cyber Defense Collaborative run by the Cybersecurity and Infrastructure Security Agency.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/13/us_cyber_director_patching/