As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Nissan North America data breach caused by vendor-exposed database
January 17, 2023
Nissan North America has begun sending data breach notifications informing customers of a breach at a third-party service provider that exposed customer information. The security incident was reported to the Office of the Maine Attorney General on Monday, January 16, 2023, where Nissan disclosed that 17,998 customers were affected by the breach. Read more… Source: Bleeping Computer
- NSA asks Congress to let it get on with that warrantless data harvesting, again
January 14, 2023
A US intelligence boss has asked Congress to reauthorize a controversial set of powers that give snoops warrantless authorization to surveil electronic communications in the name of fighting terrorism and so forth. NSA director General Paul Nakasone told the Privacy and Civil Liberties Oversight Board yesterday that the loss of Section 702 of the Foreign Intelligence ...
- How Did the FBI Get a Tor User’s IP Address?
January 12, 2023
Polling the internet: what is the best way to de-anonymize a Tor user? Somebody over at the FBI definitely has a method, but they clearly aren’t planning on telling anybody anytime soon. Motherboard originally reported that the bureau has somehow managed to nab the IP address of an alleged criminal using Tor, short for “The Onion ...
- U.S. Federal Aviation Administration says flight personnel alert system not processing updates after outage
January 11, 2023
The U.S. Federal Aviation Administration’s (FAA) system that alerts pilots and other flight personnel about hazards or any changes to airport facility services and relevant procedures was not processing updated information, the civil aviation regulator’s website showed on Wednesday. In an advisory, the FAA said its NOTAM (Notice to Air Missions) system had “failed”. There was ...
- The US government is building an AI sandbox to tackle cybercrime
January 10, 2023
A joint effort between the Science and Technology Directorate (S&T) – housed within the Department of Homeland Security (DHS) – and the Cybersecurity and Infrastructure Security Agency (CISA), an AI sandbox will be designed for researchers to collaborate and test analytical approaches and techniques in combating cyber threats. CISA’s Advanced Analytics Platform for Machine Learning (CAP-M) ...
- A UN committee is struggling to define what cybercrime is in upcoming treaty
January 10, 2023
A United Nations committee – whose members include delegates from the U.S., China and Russia — is meeting throughout this week and next to continue negotiations for a new international cybercrime treaty. Why it matters: The finished UN cybercrime treaty will jumpstart a wave of new laws around the world based on the agreed-upon principles in ...