Many software manufacturers and service providers deploy software and configuration updates as part of their service offerings. These updates may enhance features and/or address security vulnerabilities to provide benefits and security to customers.
However, software and the systems that deploy software are highly complex and continually evolving, making it challenging to deploy secure updates. It is critical for all software manufacturers to implement a safe software deployment program supported by verified processes, including robust testing and measurements. The program should support and enhance both the security and quality of the product and deployment environment. This guide, authored by the Cybersecurity and Infrastructure Security Agency (CISA) and partners, encourages software manufacturers to establish a safe software deployment program as part of their software development lifecycle (SDLC).
Read more…
Source: U.S. Federal Bureau of Investigation Cyber Division
Related:
- Hacker claims to have hacked the FBI, but it wasn’t
January 5, 2017
A hacker yesterday claimed to have hacked the FBI’s website running on Plone CMS, but it seems it wasn’t hacked using any zero-day vulnerability in Plone. We contacted Plone security team and updated this story (see below) with official statements.A hacker, using Twitter handle CyberZeist, has claimed to have hacked the FBI’s website (fbi.gov) and ...
- 11 Gigabytes of Sensitive Data Belonging to US DoD Staff Exposed
January 5, 2017
Personal details of doctors who are deployed in the United States Special Operations Command (USSOCOM or SOCOM) have been exposed due to a security vulnerability discovered in a server operated by health services contractor Potomac Healthcare Solutions. MacKeeper Security Researcher Chris Vickery discovered in late December that Potomac, which provides healthcare workers to the government through ...

