After years of imploring government officials to stay out of their way, some security industry executives have reversed their position and are asking for Washington’s input to improve software quality and network security. How serious they would be about following government suggestions or rules, however, is in doubt, experts say.
The accession is part of a massive set of recommendations released last week by an organization called Improving Security Across the Software Development Lifecycle, a group of industry executives and security experts from government agencies and academia that reports to the NCSP (National Cyber Security Partnership).
One of the key recommendations is that the Department of Homeland Security “examine whether tailored government action is necessary to increase security across the software development life cycle.” However, this request is at odds with the position many in the industry—including some of the group’s key members—have taken for years.
Software providers such as Microsoft Corp., Oracle Corp. and others have maintained that there is no way to legislate security and that the government lacks the technical expertise to understand the problems.