
JPMorgan Chase CISO Urges Stronger Software Supply Chain Security

Patrick Opet, Chief Information Security Officer at JPMorgan Chase, has called on the software industry to shift its focus from rapid development to more secure design practices, citing growing risks within the technology supply chain. In an open letter released ahead of the RSA Conference in San Francisco, Opet emphasized that large companies are heavily dependent on a limited number of third-party providers. This concentration increases the potential for widespread disruption if a single provider is compromised. JPMorgan has experienced multiple incidents involving its vendors in recent years, including a 2024 software issue that affected over 451,000 individuals and disruptions related to the CrowdStrike outage that impacted critical industries worldwide.


Opet stressed the need for software that is secure by default and highlighted how modern tools such as OAuth can create direct links between external services and sensitive company systems, increasing exposure to cyber threats. He also pointed to recent cases of state-linked hacking groups targeting cloud platforms and remote access tools. Opet advocated for higher security standards, transparency regarding access rights, and new technologies like confidential computing to protect sensitive data. His message aligns with broader calls in the cybersecurity community for stronger oversight and shared responsibility across the software development ecosystem.
