Josh Corman, senior adviser for the Cybersecurity and Infrastructure Security Agency (CISA), said at the recent RSA conference that organizations must consider appointing an executive who would oversee the security of software products.
Corman said the need for a chief product security officer (CPSO) arises amid the software-centric nature of recent attacks, Nextgov reported Friday. Corman and Chris Wysopal, founder of Veracode, spoke at the conference about the growing need for CPSOs in organizations.
“The idea is we need this new individual, to do something that, you know, spans many different departments now,” Wysopal said.
Corman noted that a good CSPO would be someone who is bimodal and willing to work with executive stakeholders to develop standards for risk-based hiring.