I’m out in Las Vegas this week at CA World and on Tuesday I ran into Ron Moritz, CA’s chief security strategist and the former CTO at Symantec. Moritz is one of those people who is not often in the spotlight, but who works tirelessly behind the scenes on any number of industry-wide initiatives and public-private projects.
He’s served on a number of government advisory committees and on Tuesday he was showing Greg Garcia, the assistant secretary for cybersecurity and communications at the Department of Homeland Security, around the show.
Garcia gave a speech yesterday on the need for better cooperation among software vendors, customers and the government on software security. Garcia has been spending a lot of time on the road, taking the pulse of the industry and customers on this topic, and he made it clear that he believes the government has a role to play in improving software quality, but that in the end it is the responsibility of the vendors themselves. He urged customers to encourage their software suppliers to focus more on security, even if it means sacrificing some bells and whistles. This happens in some corners of the industry now, and the federal government does some of this as well, with its requirement that software work with its secure configurations.
“In my view it’s not yet enough on a national scale,” Garcia said. “I’m not sure we’re keeping up with our adversaries. They’re organized and they are committed.”