"I welcome the attention, but I worry that the reporting conflates two distinct aspects of infosec: software engineering and enterprise security. When it comes to proposed solutions, the focus is usually on the former: there are growing calls for government-mandated coding standards or special forms of vendor liability. On these topics, we’re shooting from the hip."

https://lcamtuf.substack.com/p/product-security-barking-up-the-wrong

#security #cybersecurity #infosec
