
That is rich coming from a former NSA Tailored Access Operations agent. She had no problems paying companies to release insecure software, including some that have signed the "secure by design" pledge.



That is important context, but I still agree with what she's said in this article. It's also rich that Cisco especially -- a company known for hard-coding backdoors into their products for decades -- is "taking a pledge" to do better.


I agree that software should often get more tests to improve security.

I don't think supporting companies that sign a meaningless pledge improves anything and I question her motives in trying to shame people who use companies that have not signed this pledge.


I see it as the opposite: as ex-Deputy Head of TAO, Easterly is no retard.

And there's a difference between defective software that leads to vulns exploited by crime gangs and NOBUS backdoors that the good guys use to keep you safe. Sounds bullshit, right?

That's how far the public discourse on cyber has diverged from the reality, which is part of the issue. Easterly's push for renaming cyber actors and flaws is smart. Bad quality comes from mindset, attitude. And names are important, as programmers should know! :)

I would prefer it if she had a GitHub profile tho. Always cool if you do that.


So I'm aware she worked for the NSA but this is the first I'm hearing of her working for TAO.

I had thought she worked at the NSA's IAD (defensive side) pre-merge of the offensive and defensive sides.


I think NSA and CISA have different objectives.



