And while I’m on government initiatives, Dark Reading on CISA’s secure-by-design initiative one year later. Their take: There’s been significant progress in raising awareness about secure design, and the initiative has set out principles for safe design and has influenced software security conversations. The initiative has collaborated with 16 other nations, extending its influence beyond US borders. Practical steps have been taken, such as building secure design into public procurement processes. Future focus areas are relevant and important, such as encouraging “secure by demand,” understanding economic impacts on software security and incorporating security into education.
However, the initiative needs to provide more detailed guidance on threat modeling, a crucial aspect of secure design. The legislation on liability for software providers, a potential game changer, is yet to be introduced. The focus on education needs to be extended to support the education of current software designers and upskill the next generation of developers.
I’ll offer that Information Week also has a good read.
Gartner identifies three areas for CISOs to augment their cybersecurity approach: building cyber fault tolerance in the business, streamlining to a minimum effective cyber toolset, and building a resilient cyber workforce. CISOs should focus on adapting to and recovering from issues in generative AI, implementing third-party-specific business continuity plans, adopting the fewest number of tools required, and creating a resilient workforce through support, sharing failure/learning stories, and reducing burnout.
And a bit of different hacking – Venture Beat interviews a prolific jailbreaker of large language models (LLMs) such as GPT-4o. The jailbreaker, known as “Pliny the Prompter,” has been finding ways to bypass content restrictions on LLMs and has even created a community for other jailbreakers. The interview explores Pliny’s motivations, goals, techniques, and the impact of jailbreaking on AI model providers and users. Pliny believes that jailbreaking raises awareness about the capabilities of AI and advocates for removing restrictions for transparency and freedom of information.
And a piece in GeekWire. Emovid, a Seattle-based startup led by former Evite CEO Victor Cho, aims to revolutionize workplace communication by replacing written emails with asynchronous video messages. Emovid’s platform allows users to record and share video messages for later viewing, offering a more authentic way of conveying messages. The startup also utilizes artificial intelligence to generate video summaries and improve the appearance of speakers. Emovid is currently raising a seed round and accepting users on its waitlist.
Why do we care?
I can’t get video email as a useful tool out of my head, and thus I just wanted to plant the seed of idea for listeners.
Secure By Design will slowly become a norm… because the government is out to protect consumers. MSPs and software developers must stay ahead of secure design practices and legislative developments to ensure compliance and enhance their service offerings. How many of your vendors have signed on?
And learn about how hackers work – that Pliny read is enlightening.
