As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- US government agencies have shadow IT infrastructure problem, cybersecurity risks, says GAO
March 5, 2020
Federal agencies are facing increasing cybersecurity risks due to a bevy of IT facilities aren’t being tracked as full-fledged data centers, according to a General Accountability Office report. As noted previously, federal agencies have been consolidating and closing data centers over the years, but a narrower definition of what facilities should fall under an optimization program means that ...
- Swiss encryption company secretly owned by U.S. and German intelligence agencies
February 11, 2020
The U.S. intelligence community actively monitored for decades the diplomatic and military communications of numerous Latin American nations through encryption machines supplied by a Swiss company that was secretly owned by the CIA and the German intelligence agency, BND, according to reports today by the German public television channel, ZDF and the Washington Post. Declassified records ...
- Federal Agencies Use Cellphone Location Data for Immigration Enforcement
February 7, 2020
The Trump administration has bought access to a commercial database that maps the movements of millions of cellphones in America and is using it for immigration and border enforcement, according to people familiar with the matter and documents reviewed by The Wall Street Journal. The location data is drawn from ordinary cellphone apps, including those for ...
- Malware infection disrupts production at defence contractor plants in three countries
September 27, 2019
One of the biggest defence contractors in the world is having a very bad week after malware infected the company’s network and caused “significant disruption” at plants in three countries, the company said on Thursday. The infection took root on Tuesday, September 24, and affected Rheinmetall AG, a German corporation based in Düsseldorf, and one of ...
- New Bedford Hit With $5.3m Ransomware Demand
September 5, 2019
A Massachusetts city has revealed that cyber-criminals tried to hold its data ransom to the tune of more than $5m over the summer, in a sign of the growing risk to organizations from online extortionists. The city of New Bedford was hit with the popular Ryuk strain of ransomware in early July, encrypting data on over 150 ...
- Over 20 Texas local governments hit in ‘coordinated ransomware attack’
August 18, 2019
Twenty-three local Texas governments have been infected with ransomware last week in what Texas officials have described as a coordinated attack. The attack took place on Friday morning, August 16, US time, when several smaller local Texas governments reported problems with accessing their data to the Texas Department of Information Resources (DIR). DIR officials did not pubish ...