Many software manufacturers and service providers deploy software and configuration updates as part of their service offerings. These updates may enhance features and/or address security vulnerabilities to provide benefits and security to customers.
However, software and the systems that deploy software are highly complex and continually evolving, making it challenging to deploy secure updates. It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements. The program should support and enhance both the security and quality of the product and deployment environment. This guide, authored by the Cybersecurity and Infrastructure Security Agency (CISA) and partners, encourages software manufacturers to establish a safe software deployment program as part of their software development lifecycle (SDLC).
Source: U.S. Federal Bureau of Investigation Cyber Division

