In this Infosecurity interview, we speak with Sophos CISO Ross McKerchar about one of the biggest topics dominating cybersecurity headlines today: software vulnerabilities.

With flaws driving some of the most significant breaches in recent years, Ross highlights why these issues remain so widespread and how both enterprises and cybersecurity vendors themselves must take a more proactive role.

We dig into the rise of Secure by Design frameworks, what meaningful adoption really looks like and why security providers need to be especially mindful of their own development practices.

In conversation with Infosecurity, Ross shares insights into:

  • How CISOs can raise the bar by shifting from binary 'did they have a vulnerability' thinking to evaluating how vendors actually operate
  • Why the presence of issues doesn’t automatically mean a vendor is insecure, and why it’s important to realise that the ones disclosing and fixing vulnerabilities are often the most responsible
  • How Secure by Design frameworks help both CISOs and engineers work together and provide direction for the development of more secure software products

Watch now to learn how to protect your organization and implement strategies to avoid falling victim to this risk.

Resources:

Watch more: Inside North Korea’s IT Worker Scam: Sophos CISO Shares How to Stay Protected