Bob Lord
In cybersecurity, we've built a culture that glamorizes the adversary and shames the victim. We marvel at the ingenuity of attackers, blame users for clicking the wrong link, and treat every breach as an isolated failure. But we rarely ask the more uncomfortable question: Why was the software so easy to break in the first place?
This talk is about shifting that focus. It's time to stop centering our stories on Villains and Victims, and start talking about the Vendors whose design decisions make these attacks not just possible, but inevitable.
Drawing from years of work in software security and public policy, I'll explain why the industry has normalized unsafe software, and how we can unlearn that complacency. We'll explore the role of incentives, the limits of "best practices," and the power of transparency, regulation, and accountability to force a reckoning, just as they did in aviation, automotive safety, and healthcare.
If you're ready to stop treating software insecurity as a mystery or a matter of chance, and start treating it as the consequence of choices—this talk is for you.
