CISA director calls on tech companies to build security into products

• "We’ve normalized the fact that technology products are released to market with dozens, hundreds or thousands of defects, when such poor construction would be unacceptable in any other critical field," she added.

Why it matters: The remarks tee up a highly anticipated national cybersecurity strategy expected from the White House that will push tech companies to create more secure products.

The big picture: Typically, the security of an organization is pinned to the performance of a company's security teams or employees themselves.

• However, the strategy is expected to turn that view on its head and target the common vulnerabilities found in tech vendors' products.

Between the lines: Tech companies regularly release security patches for their products. Microsoft, for example, publishes such fixes on the first Tuesday of every month in an event known as "Patch Tuesday."

• But not all security flaws are noticed in time, and malicious hackers often use these flaws to breach organizations.

• The Biden administration is looking to crack down on the existence of these security flaws to begin with, rather than continuing the trend of blaming victim organizations for failing to stay secure.

Yes, but: Putting security first will require systemic changes at major technology companies in how they produce and create new products, including possibly changing what coding languages developers use to create software.

The intrigue: Easterly also encouraged organizations to adopt more stringent requirements that their tech vendors must meet to land a contract.

Sign up for Axios’ cybersecurity newsletter Codebook here.