This analysis piece argues that Puerto Rico, like the rest of the United States, suffers from a cybersecurity model that places too much responsibility on software users rather than the companies that build the products. The article describes this reactive approach as 'patch and pray,' where government agencies, hospitals, utilities, schools and businesses scramble monthly to install security updates before cybercriminals exploit newly discovered vulnerabilities.
The 'patch and pray' approach, where software companies release security updates and users rush to install them, is a dangerous model
It cites the Cybersecurity and Infrastructure Security Agency's (CISA) 'Secure by Design' initiative, which encourages developers to build security into products from the outset, but argues voluntary guidelines are insufficient. The piece calls for the federal government to make Secure by Design a mandatory requirement for companies seeking government contracts, noting Washington is one of the world's largest software buyers.
It states Puerto Rico's public agencies would benefit from higher standards, since emergency patching consumes time, money and technical resources that could otherwise go toward modernizing services and improving resilience. The article references recent threats, including 'Crypto Clipper' malware campaigns that steal cryptocurrency by silently replacing wallet addresses, and a newly disclosed vulnerability identified as CVE-2026-50656, though the text is truncated before further explanation.