As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Pentagon Challenges White Hats with New “Hack the Air Force” Bug Bounty Program
April 27, 2017
The Pentagon is launching its largest bug bounty project thus far, this time asking hackers to find flaws in the Air Force’s platforms. “Hack the Air Force” will be open not only to experts in the United States but also from the United Kingdom, Canada, Australia, and New Zealand, or, in other words, what we’ve come ...
- DOE releases results of energy cybersecurity emergency exercise
April 25, 2017
The U.S. Department of Energy (DOE) recently released the findings and recommendations from Liberty Eclipse, a multi-state cyber-energy preparedness exercise hosted by DOE and the National Association of State Energy Officials (NASEO) in December 2016. The exercise simulated a cyber attack on the energy infrastructure, including electricity, gasoline, jet fuel, heating oil, and other energy services, ...
- NSA’s DoublePulsar Kernel Exploit In Use Internet-Wide
April 24, 2017
If you’re on a red team or have been on the receiving end of a pen-test report from one, then you’ve almost certainly encountered reports of Windows servers vulnerable to Conficker (MS08-067), which has been in the wild now for nearly 10 years since the bug was patched. A little more than two weeks after the ...
- US Court Sentences Russian Lawmaker’s Son to 27 Years in Jail for Hacking
April 21, 2017
The son of a prominent Russian lawmaker was sentenced on Friday by a US federal court to 27 years in prison after being convicted of stealing millions of US credit card numbers and causing some $170 million in damages to businesses and individuals. This sentence is so far the longest sentence ever imposed in the United ...
- CIA director calls WikiLeaks ‘hostile intelligence agency’
April 13, 2017
CIA Director Mike Pompeo is denouncing WikiLeaks, calling the anti-secrecy group a “hostile intelligence agency.” In his first public speech since becoming director of the agency, the former Republican congressman says WikiLeaks “walks like a hostile intelligence agency and talks like a hostile intelligence agency.” Last month, WikiLeaks released nearly 8,000 documents that it says reveals secrets ...
- Former White House CIO Calls for a Cybersecurity Reset
April 12, 2017
The IT community needs a total reset in the way they think about cybersecurity, according to former White House CIO Theresa Payton. “I think back ten years and I realize that we actually haven’t made a single one of your security problems go away, and you need to hold us accountable for that,” Payton said. “Name ...