Cybersecurity

1

Davey Winder provides details of the LabHost bust by British police in partnership with Microsoft and others - and explains LabHost's modus operandi

2

In the last blog we talked about what everyone assumed was the most boring topic that you could talk about: keeping your dependencies up to date. But I think I’ve got it topped this time. This time we are going to be talking about that number one thing that all developers love spending their time working on... Logging.

3

The differences between application security and developer security are simple enough in principle, but go significantly further as soon as you get past the surface. Many people in the cyber security community seem to place a great emphasis on the effectiveness of application security but, in many cases, will completely negate the secondary portion of this, which is securing the individual who is responsible for introducing security bugs to the software. I'm not saying that to be harsh; mistakes are a simple part of life, and without the proper tooling and education it is very easy to continue to produce mistakes, especially when greeted with constricted timelines and consistent budget crunch.

4

It is common for companies to neglect financing in cyber security for a quick short-term gain. And at the same time, the laws are created such that an offensive hacker would be the criminal. By turning the law around, the blame would be on the company for building insecure systems, just as right now companies get problems if they create unsafe products for consumers.

What do you think would happen if laws changed in such a way that gaining unauthorized access became legal? Note that I've intentionally excluded permission to share sensitive information. Would love to read your responses and thoughts.

5