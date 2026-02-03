In this Infosecurity interview, we speak with Sophos CISO Ross McKerchar about one of the biggest topics dominating cybersecurity headlines today, software vulnerabilities.

With flaws driving some of the most significant breaches in recent years, Ross highlights why these issues remain so widespread and how both enterprises and cybersecurity vendors themselves must take a more proactive role.

We dig into the rise of Secure by Design frameworks, what meaningful adoption really looks like and why security providers need to be especially mindful of their own development practices.

In conversation with Infosecurity, Ross shares insights into:

How CISOs can raise the bar by shifting from binary 'did they have a vulnerability' thinking to evaluating how vendors actually operate

Why the presence of issues doesn’t automatically mean a vendor is insecure, and why it's important to realise that the vendors disclosing and fixing vulnerabilities are often the most responsible ones

How Secure by Design frameworks help both CISOs and engineers work together and provide direction for the development of more secure software products

Watch now to learn how to protect your organization and implement strategies to avoid falling victim to this risk.

Resources:

Sophos' Secure by Design 2025 Progress: https://www.sophos.com/en-us/blog/sophos-secure-by-design-2025-progress

Sophos progress on its CISA Secure by Design pledge: https://www.sophos.com/en-us/blog/sophos-provides-progress-on-its-pledge-to-cisas-secure-by-design-initiative

NCSC vulnerability management guidance: https://www.ncsc.gov.uk/collection/vulnerability-management

NCSC Secure by Design principles: https://www.ncsc.gov.uk/collection/cyber-security-design-principles

