Episode 448 - What's wrong with CISA?

Josh and Kurt talk about a few things that have recently come out of CISA. They seem to be blaming the vendors for a lot of the problems, but there's also not any actionable advice telling the vendors what they should be doing. This feels like the classic case of "just security harder". We need CISA to be leading the way funding and defining security, not blaming vendors for giving the market what it demands. Show Notes iCloud Photos Downloader CISA boss: Makers of insecure software must stop enabling today's cyber villains A Security Market for Lemons CISA and FBI Release Secure by Design Alert on Eliminating Cross-Site Scripting Vulnerabilities CISA Secure by Design Pledge Railroad Newsletter CISA Secure Software Development Attestation Form