As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- U.S., U.K., And Australia Issue Joint Cybersecurity Advisory
July 28, 2021
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA), Australian Cyber Security Centre (ACSC), United Kingdom’s National Cyber Security Centre (NCSC) and Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory today, highlighting the top Common Vulnerabilities and Exposures (CVEs) routinely exploited by cyber actors in 2020 and those vulnerabilities being widely exploited thus ...
- Russia, US launch cybersecurity dialogue, three rounds already held
July 28, 2021
Russia and the US have launched bilateral cybersecurity dialogue, with three formal rounds already held, Russian Deputy Foreign Minister Sergey Ryabkov told reporters on Wednesday. “We are beginning to have a better understanding of security issues in the cyber sphere and its different aspects, starting with the use of the corresponding malware with criminal intent and ...
- UC San Diego Health discloses data breach after phishing attack
July 27, 2021
UC San Diego Health, the academic health system of the University of California, San Diego, has disclosed a data breach after the compromise of some employees’ email accounts. UC San Diego Health is one of the nation’s best hospitals, being repeatedly ranked as the best health care system in San Diego, according to the 2021-2022 U.S. ...
- DHS Announces New Cybersecurity Requirements for Critical Pipeline Owners and Operators
July 20, 2021
WASHINGTON – Today, in response to the ongoing cybersecurity threat to pipeline systems, DHS’s Transportation Security Administration (TSA) announced the issuance of a second Security Directive that requires owners and operators of TSA-designated critical pipelines that transport hazardous liquids and natural gas to implement a number of urgently needed protections against cyber intrusions. “The lives and ...
- Safeguarding Critical Infrastructure Against Threats From The People’s Republic Of China
July 19, 2021
As today’s announcement from the White House indicates, the cyber threat from the People’s Republic of China (PRC) continues to evolve and poses a real risk to the nation’s critical infrastructure, as well as businesses and organization of all sizes at home and around the world. CISA regularly shares actionable information to help security professionals ...
- CISA: Chinese State-Sponsored Cyber Operations – Observed TTPs
July 19, 2021
The National Security Agency, Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China state-sponsored malicious cyber activity is a major threat to U.S. and Allied cyberspace assets. Chinese state-sponsored cyber actors aggressively target U.S. and allied political, economic, military, educational, and critical infrastructure (CI) personnel and ...