
Talking is great to start, but then things have to make it to paper and eventually to a standard with, where necessary, accompanying code, rules and guidance (i.e. CSAF or CVSS) - leaders make this happen and don’t wait for others to pick up the pen or the keyboard first. Leaders are also open to sharing their expertise. Red Hat recently open sourced its product security’s incident response team (PSIRT) plan (IRP), being one of the first organizations to do so. Enhancing the security of our products is a critical need for us, but the model itself has even greater value to the broader security community.
If an organization simply talks academically about how to fix a challenge or the need for a specific standard, but does little to actually get the work done, that’s not leadership. Just like you can’t call yourself a leader in an open source community that you’ve never actually contributed to, the same can be said for security.

It’s rare that a bug or exploit in a foundational technology, like the Linux kernel, or a change in compliance (i.e. STIG) requirements will only affect a small set of vendors. This makes it vital that security leaders actually get their hands dirty and participate in finding, fixing and analyzing these issues.
“A rising tide lifts all ships” is how the saying goes, and this couldn’t be more true in the world of software security, especially in open source. Unsurprisingly, given the open source nature of Red Hat, I feel that you can’t be confident in a claim of security leadership without participation as a starting point. Red Hat (and I personally) have been deeply involved with software and systems security for decades, which puts us in a good position to explain what security leadership means in our eyes.

In the world of product security and compliance, there’s no shortage of leadership, at least on the surface. But “leadership” doesn’t necessarily mean the same thing across individuals, companies or industries. Practically, what traits should a leader in IT security exhibit? What should they be doing…or not doing? And why do these specific actions matter? Just like the nature of leadership itself, there isn’t an objective answer here.
