Three CISA Senior Advisers on Secure by Design
The Lawfare Podcast
The Lawfare Institute
4.7 • 6.4K Ratings
🗓️ 22 December 2023
⏱️ 56 minutes
Summary
Secure by Design means different things to different people. As part of Lawfare’s ongoing project to understand what Secure by Design might mean in practice, we are trying to identify the open questions—areas where research or inquiry might help our collective understanding of the concept and how it might work. Lawfare Contributing Editor Paul Rosenzweig sat down with three Senior Advisers to CISA—Lauren Zabierek, Jack Cable, and Bob Lord—who work on the cutting edge of SbD design and implementation, to get their thoughts on research that would be of ongoing value to their efforts to define an SbD standard.
You can watch a video version of their conversation here.
For more information, including the resources mentioned in this episode:
- CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide | CISA
- CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps | CISA
- Blog: The Next Chapter of Secure by Design | CISA
- Expanded Secure by Design Publication: Secure-by-Design | CISA
- White Paper: https://www.cisa.gov/resources-tools/resources/secure-by-design (English and Spanish versions available)
- Blog on Memory Safety: The Urgent Need for Memory Safety in Software Products | CISA
- Applying Secure By Design to events: Applying “Secure By Design” Thinking to Events in the News | CISA
- RFI on secure software attestation form: CISA Requests Comment on Draft Secure Software Development Attestation Form | CISA
- Director Jen Easterly on updated Secure by Design in Singapore (start 2:12): SICW Opening Ceremony & SICW High-Panels - Opening Plenary - YouTube
- Rosenzweig on Auto/Cyber Liability: https://tcg-website-prod.azurewebsites.net/the-evolving-landscape-of-cybersecurity-liability/
- Unsafe At Any Speed: CISA's Plan to Foster Tech Ecosystem Security (youtube.com)
Support this show http://supporter.acast.com/lawfare.
Hosted on Acast. See acast.com/privacy for more information.
Transcript
| 0:00.0 | The following podcast contains advertising. |
| 0:04.0 | To access an ad-free version of the Lawfare Podcast, |
| 0:08.0 | become a material supporter of Lawfare at Patreon.com slash Lawfare. That's Patreon.com |
| 0:16.4 | slash Lawfare. Also check out Lawfare's other podcast offerings: Rational Security, Chatter, Lawfare No Bull, and The Aftermath. |
| 0:30.0 | May I have your attention please you can now book your train tickets on Uber and |
| 0:39.4 | get 10% back in credits to spend on your next Uber ride. |
| 0:44.2 | So you don't have to walk home in the rain again. |
| 0:48.6 | Trains now on Uber. |
| 0:50.4 | T's and C's apply. |
| 0:51.3 | Check the Uber app. One thing we've noticed at CISA and others have noticed too is that right now if you look at the list of |
| 1:04.7 | CVEs, the most impactful vulnerabilities, CISA also publishes the |
| 1:08.8 | known exploited vulnerabilities list, which shows which vulnerabilities we know have been leveraged in cybersecurity incidents. |
| 1:16.0 | It's very hard I've tried myself to actually learn from this |
| 1:20.0 | what the most common causes of these vulnerabilities are and even more so how these are tied to |
| 1:27.2 | cyber security incidents in the wild. |
| 1:29.2 | I'm Paul Rosenzweig, contributing editor of Lawfare, and this is the Lawfare Podcast, December 22nd, |
| 1:37.0 | 2023. Our topic today is software liability. It's generated by President Biden's cybersecurity |
| 1:46.8 | strategy which proposes to impose liability on those who manufacture |
| 1:51.8 | software with code problems within it. |
| 1:56.7 | I sat down with Lauren Zabierek, Bob Lord, and Jack Cable, who are senior advisors in the Cybersecurity and Infrastructure |
| 2:06.6 | Security Agency at the Department of Homeland Security, who are the go-to people on the topic of what it means to design secure software code. |
| 2:18.0 | And as part of Lawfare's ongoing project to understand what Secure by Design might mean in practice, |
... |