Sophos CISO on Software Flaws, Vendor Risk and Secure by Design
https://www.infosecurity-magazine.com/interviews/sophos-ciso-software-flaws-vendor/
Publish Date: 2026-02-03 10:00:00
Source Domain: www.infosecurity-magazine.com
Interview Highlights: Sophos CISO Ross McKerchar on Software Vulnerabilities
In an interview with Infosecurity, Sophos CISO Ross McKerchar discusses software vulnerabilities, which have been the root cause of many recent security breaches. McKerchar argues that, to counter this, enterprises and cybersecurity vendors need to take a more proactive stance on security during software development. He describes the rise of Secure by Design frameworks and their role in shaping a collaborative approach between cybersecurity leaders (CISOs) and software engineers to build more resilient software products. McKerchar also encourages CISOs to evaluate how vendors operate as a whole rather than focusing only on the presence of vulnerabilities, noting that responsible vendors routinely disclose and fix issues.
Key Points:
- Shift to Proactive Attitudes: Enterprises and cybersecurity vendors need to adopt a proactive approach to addressing vulnerabilities.
- Secure by Design Frameworks: These frameworks help foster collaboration between CISOs and engineers to create more secure software.
- Comprehensive Vendor Assessment: CISOs should look into how vendors operate, not just the presence of vulnerabilities, recognizing that responsible vendors often fix and disclose them.
- Responsible Vendor Behavior: Vendors that disclose and address vulnerabilities are typically the most reliable.
- Joint Development Strategy: Fostering a collaborative environment to promote the development of secure software is crucial.