Week 393 was posted by Charanjit Chana on 2025-05-06.
Patrick Opet, the Chief Information Security Officer at J.P. Morgan, sent an open letter that outlines the need for a shift in how much companies focus on features over security.
It is not only necessary, but refreshing.
Everything is connected now, whether we like it or not. Web development is in a state of bloat that has persisted into a second decade. There's not enough crafting on the web, it's all about delivery. Often at speed at the cost of security and definitely at the cost of privacy.
- Software providers must prioritize security over rushing features. Comprehensive security should be built in or enabled by default.
- We must modernize security architecture to optimize SaaS integration and minimize risk.
- Security practitioners must work collaboratively to prevent the abuse of interconnected systems.
The second point is probably the hardest to achieve. Keeping ahead of the curve isn't impossible but it eats away at feature development in a significant way. But if this is the new normal, then I am fully on board.
Opet starts his call to arms:
We stand at a critical juncture. Providers must urgently reprioritize security, placing it equal to or above launching new products.
How it should have been from the start. Universities should spend as much time focusing on OPSEC as a concept as they would on OOP and whatever else they push students towards these days.