As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- The WikiLeaks Hacking Dump Exposed a Big Disconnect Over Cyber Security
March 29, 2017
When WikiLeaks founder Julian Assange disclosed earlier this month that his anti-secrecy group had obtained CIA tools for hacking into technology products made by U.S. companies, security engineers at Cisco Systems swung into action. The WikiLeaks documents described how the Central Intelligence Agency had learned more than a year ago how to exploit flaws in Cisco’s ...
- Germany Fought Off Two Fancy Bear Cyber Attacks in 2016
March 27, 2017
Fears about Russian involvement in European elections, especially after last year’s US election, aren’t exactly unfounded or born out of paranoia. In fact, Germany says it fended off two cyber attacks coming from the same cybercriminals that targeted Hillary Clinton’s campaign. Arne Schoenbohm, a top German official, told Reuters they managed to fight off two attacks ...
- US Critical Infrastructure Cybersecurity Milestone
March 25, 2017
Last week the Idaho National Laboratory (INL) and the Department of Homeland Security (DHS) announced the successful completion of the 100th iteration of the Industrial Control Systems Cybersecurity training on defending systems used across the critical infrastructure sectors. Since April 2007, over 4,000 cybersecurity professionals have participated in the advanced course. These professionals represent all ...
- Senators reintroduce a bill to improve cybersecurity in cars
March 23, 2017
Senators Ed Markey of Massachusetts and Richard Blumenthal of Connecticut have reintroduced the Security and Privacy in Your Car (SPY Car) Act of 2017. They first introduced the bill, along with a similar bill for aircraft, during the last session. The SPY Car Act places the onus for automotive cybersecurity and privacy standards on the shoulders ...
- Cyber Firm at Center of Russian Hacking Charges Misread Data
March 21, 2017
An influential British think tank and Ukraine’s military are disputing a report that the U.S. cybersecurity firm CrowdStrike has used to buttress its claims of Russian hacking in the presidential election. The CrowdStrike report, released in December, asserted that Russians hacked into a Ukrainian artillery app, resulting in heavy losses of howitzers in Ukraine’s war with ...
- Government Cybersecurity Contractor Hit in W-2 Phishing Scam
March 17, 2017
Just a friendly reminder that phishing scams which spoof the boss and request W-2 tax data on employees are intensifying as tax time nears. The latest victim shows that even cybersecurity experts can fall prey to these increasingly sophisticated attacks. On Thursday, March 16, the CEO of Defense Point Security, LLC — a Virginia company that ...