As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Trump administration limits government use of Kaspersky Lab software
July 11, 2017
The Trump administration on Tuesday removed Moscow-based Kaspersky Lab from two lists of approved vendors used by government agencies to purchase technology equipment, amid concerns the cyber security firm’s products could be used by the Kremlin to gain entry into U.S. networks. The delisting represents the most concrete action taken against Kaspersky following months of mounting ...
- U.S. warns businesses of hacking campaign against nuclear, energy firms
July 1, 2017
The U.S. government warned industrial firms this week about a hacking campaign targeting the nuclear and energy sectors, the latest event to highlight the power industry’s vulnerability to cyber attacks. Since at least May, hackers used tainted “phishing” emails to “harvest credentials” so they could gain access to networks of their targets, according to a joint ...
- NSA Advocates Data Sharing Framework
June 23, 2017
The economics of cybersecurity are skewed in favor of attackers, who invest once and can launch thousands of attacks with a piece of malware or exploit kit. That’s why Neal Ziring, technical director for the NSA’s Capabilities Directorate, wants to flip the financial equation on bad guys. “We need to conduct defenses in a way that ...
- US Secretary of State: I will work with Russia on cybersecurity issues
June 23, 2017
US Secretary of State Rex Tillerson has expressed a willingness to work directly with Russia on cybersecurity and other issues. The proposed partnership is surprising, given the continued controversy over allegations that the Russians interfered with last year’s US presidential election – a serious accusation at the center of an ongoing Congressional inquiry. Secretary of State Tillerson ...
- Cybersecurity Demands a Military Mindset
June 21, 2017
American corporations have a high degree of cybersecurity risk awareness, and yet many enterprises, especially in non-regulated sectors, fall short in their cybersecurity stance. This is mainly because executives see security as an ROI-less investment mandated by regulation. Even worse, executives suffer from two psychological biases: “We haven’t suffered a breach this year, so no need ...
- U.S. Government Embraces Automated Cybersecurity
June 16, 2017
Agencies in the federal government are working to develop tools and software that would automate cybersecurity – essentially, an effort to remove human error from the equation. A new report out by NextGov details the automation effort, and why these tools aren’t yet ready for government-wide deployment. Much of the cybersecurity efforts in government currently revolve around ...

