The Seniors Center’s President and founder of the Council to Reduce Known Cyber Vulnerabilities, Dan Perrin, recently published a piece over at The Hill calling for increased scrutiny and quality controls when it comes to how we buy and sell computer software.
As the “WannaCry” worm continues to infect thousands of machines worldwide, those working to control the damage find themselves facing yet another devastating cyberattack resulting from a known hardware or software vulnerability.
As Perrin explains, nearly every piece of software on the market today is knowingly released with vulnerabilities, vulnerabilities that worms like “WannaCry” can exploit to gain control of your data or your system. In this case, the exploit is called “EternalBlue,” a program that attacks a known vulnerability in Windows.
But that raises the question: why are companies knowingly releasing and selling products with these critical vulnerabilities?
Because they can. Currently, companies aren’t required to test for these weak spots, and there is no third-party or independent agency inspection of the product prior to sale. To make matters worse, the End User License Agreements that users of these products sign state that the manufacturers aren’t liable for damage from known defects or vulnerabilities.
But Perrin says enacting commonsense legislation that holds manufacturers accountable for fixing security issues in their software and performing full security audits could prevent the next big attack.