Product Security Bad Practices


As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.

This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.

Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division


Related:

  • US offers $15m reward for information about Conti ransomware gang

    May 9, 2022

    The US government is offering up to $15 million for information about key leaders of the notorious Conti ransomware group and any individual participating in an attack using a variant of Conti’s malware. In its notice issued May 6, the US Department of State said the Conti ransomware variant was the costliest strain of ransomware on ...

  • Former Twitter employees charged with spying for Saudi Arabia by digging into the accounts of kingdom critics

    May 6, 2022

    The Justice Department has charged two former Twitter employees with spying for Saudi Arabia by accessing the company’s information on dissidents who use the platform, marking the first time federal prosecutors have publicly accused the kingdom of running agents in the United States. One of those implicated in the scheme, according to court papers, is an ...

  • White House: Quantum computers could crack encryption, so here’s what we need to do

    May 5, 2022

    The White House has announced a set of proposals for keeping the US ahead in the quantum computing race globally, while mitigating the risk of quantum computers that can break public-key cryptography. Quantum computers powerful enough to break public-key encryption are still years away, but when it happens, they could be a major threat to national ...

  • FBI: Business Email Compromise – The $43 Billion Scam

    May 4, 2022

    This Public Service Announcement is an update and companion piece to Business Email Compromise PSA I-091019-PSA posted on www.ic3.gov. This PSA includes new Internet Crime Complaint Center complaint information and updated statistics from October 2013 to December 2021. DEFINITION Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform ...

  • US Cyber Command shored up nine nations’ defenses last year

    May 4, 2022

    US Cyber Command chief General Paul Nakasone has revealed the agency he leads conducted nine “hunt forward” operations last year, sending teams to different countries to help them improve their defensive security posture and hunt for cyberthreats. These missions provide “security for our nation in cyberspace,” said Nakasone, who is also director of the National Security ...

  • Hack DHS: Homeland Security’s first bug bounty turns up 122 vulnerabilities

    April 25, 2022

    The US Department of Homeland Security (DHS)’s first bug bounty with external researchers called “Hack DHS” helped discover 122 vulnerabilities. DHS announced the Hack DHS bounty in December and in phase one of the program invited more than 450 “vetted security researchers” to get involved. DHS suggests the program produced solid results: 27 or about 22% ...