Howard Schmidt appointed US cyber czar

Howard Schmidt has been appointed as the US’s cyber czar. The position has been open for months, which is … interesting … considering how vital IT is to the world’s economy and safety.

Mr Schmidt, if you read this blog entry, please consider the following:

  • Web application security is the most pressing need for change. It is behind nearly all attacks today, and it is the least well-funded area. Help OWASP and others improve developer education, and get the message out to CIOs to apportion their training budgets and remediation efforts accordingly.
  • Be positive, not negative. The attackers really don’t care if you “keep your computer up to date”. Let’s work mostly on things that stop the issue in the first place. The horses have already bolted. Let’s build a better stable and better fences so they can’t get out again.
  • Push for real security, not security theatre. Listen to Bruce Schneier, and not the prophets of doom who want to sell you useless widgets for billions that do nothing but annoy folks.
  • If you can make only one change, it has to be the removal of indemnity for negligence in software development from licences and sales contracts. If an ISV doesn’t have a security development lifecycle, doesn’t include secure business requirements, and doesn’t require its developers to be trained in secure coding practices, it IS negligent, and must be open to lawsuits. What we have today is not working and must be changed.

Published by vanderaj

Just another security geek

  1. Hi Andrew,
    Nice post btw, I strongly agree, but politics are always a step away from tech.


  2. Nice work. I like the last point. However I wouldn’t discount the need for client side security. Web application security weaknesses enable the “hosting for crimeware” (e.g. SQL injection of malicious iframes etc.) but the crimeware often uses client side vulnerabilities in browsers, plugins and 3rd party software to execute and install.

  3. @AbiusX – the theme is chosen to protest Australian government censorship similar to yours in Iran. We are a free country, and our politicians are going to pay for their hubris and misjudgement on this one.

    @Matthew – Sure – belts and braces, but making my Mum shoulder the entire blame is not working. She needs to keep her stuff up to date – no argument, but if the software she used was safer, there would be fewer patches, fewer possible attacks, and what attacks were possible would be less problematic. So we need to make sure ISVs know that they MUST do more than they are doing today. They won’t as long as there’s no economic or legal incentive to do the right thing.

  4. New cybersecurity coordinator Howard Schmidt is yet another Obama Administration Czar Wreck!

    Schmidt is a “Distinguished Fellow” of Carnegie Mellon University’s CyLab — whose management is a catastrophe.

    CyLab’s problems include the cover-up of identity fraud, securities fraud, hedge fund fraud, and felony theft-by-deception!

    If there were Congressional oversight, Schmidt would never have been a serious candidate for the critical job he now has.

