We’ve been at this cybersecurity thing for a long time. Are products improving their security? A recent study says they aren’t.
Check out this tweet and the ensuing discussion for the information on the study and the concerns people have about the history of poor security in consumer-grade networking products.
This episode is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Michael L. Woodson (@mlwoodson), CISO, MBTA.
Got feedback? Join the conversation on LinkedIn.
Thanks to this week’s podcast sponsor, Palo Alto Networks

On this episode of Defense in Depth, you’ll learn:
- We focus our conversation mostly on consumer products, notably networking, which was the focus of the relevant study.
- Some basic measurements of security, such as stack guards and buffer overflow protection, showed no noticeable improvement.
- Margins are so slim on consumer products that manufacturers are in a bind. They can’t overcharge and stay competitive, so they have to underdeliver, and often security protections are cut as a result.
- People accept the failures of cybersecurity products by just accepting the end user license agreement (EULA).
- Be very careful with these agreements. Often a vendor will make outrageous claims like saying they own the data.
- When we have security incidents companies are not blamed or liable.
- What type of pressure would need to be put on manufacturers to get them to improve security? Will it have to be standards, regulations, or government regulations?