As said here multiple times, the “patch and pray” method is the vulnerability, not the vulnerabilities themselves. Nothing will change until the IT culture changes. Businesses and governmental agencies do not want to fork out extra money to strengthen defenses until something has already happened. They’re reactive, not proactive. In the end, Americans end up paying the price for years to come.
But DARPA Director Arati Prabhakar says that her agency is working to make computing ‘mathematically, provably secure.’
The Pentagon’s emerging technology agency faces almost continuous cyber threats. And according to Director Arati Prabhakar, its strategy so far has been to “patch and pray.”
“I’ve been hacked; you’ve been hacked,” Prabhakar, who heads the Defense Advanced Research Projects Agency, said Wednesday at The Atlantic and Aspen Institute’s Washington Ideas forum. “We’re under constant attack, as is pretty much all of the Defense Department. How we all deal with it today is patch and pray … finding vulnerabilities and patching as quickly … as we can.”
DARPA is also working on new technology to protect the ecosystem of connected devices known as the Internet of Things, she said, including one approach that intends to make computing processors “mathematically, provably secure.”
Full article: DOD’s Current InfoSec Strategy Is ‘Patch and Pray’ (Defense One)