Reply to post: Re: OSS

Have we learned anything from SolarWinds supply chain attacks?

Anonymous Coward

Re: OSS

""..organizations need to first secure the open-source software they use."

That would involve engineers - you know, people who can understand the use-case, risks, current state-of-the-art, the related security issues, turn them into requirements and then get it (in-house or subbed out) coded, tested into production and maintained as threats evolve. In addition, those same engineers could sort out your systems so they're both resilient and less prone to attack. Of course, this would cost a lot more than just downloading stuff off the internet for free plus an insurance premium to protect the bottom line when things go wrong."

Funnily enough, we just had, over the WE, this same kind of conversation with my daughter, about an industrial line of production she's setting up. Classically enough, the whole line is piloted by a workstation, no PLC (a bit of a surprise, though).

She first said it was WinXP-based, prompting me to almost spit out my drink! Actually, since it's new, I think she got it wrong, it's probably an industrial version of win10.

The conversation went on to how they planned to use this workstation and of course, IT security.

It turns out:

- they'll use it with a SaaS solution, therefore, internet connected, even if no office work will be done there

- security awareness is basically at altitudes close to earth's nucleus, as "security == firewall"

- the IT manager (I kid you not) is ... the procurement director!!!

Gosh, at least her CV is appealing and she's young!
