As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle.
This voluntary guidance provides an overview of product security bad practices that are considered exceptionally risky, particularly for software manufacturers who produce software used in service of critical infrastructure or national critical functions (NCFs). This guidance also provides recommendations for software manufacturers to mitigate these risks.
Source: U.S. Federal Bureau of Investigation Cyber Division