As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Source: U.S. Federal Bureau of Investigation Cyber Division

