In partnership with the Federal Bureau of Investigation (FBI), CISA released an update to joint guidance Product Security Bad Practices in furtherance of CISA’s Secure by Design initiative. This updated guidance incorporates public comments CISA received in response to a Request for Information, adding additional bad practices, context regarding memory-safe languages, clarifying timelines for patching Known Exploited Vulnerabilities (KEVs), and other recommendations.
While this voluntary guidance is intended for software manufacturers who develop software products and services in support of critical infrastructure, all software manufacturers are strongly encouraged to avoid these product security bad practices.
CISA and FBI urge software manufacturers to reduce customer risk by prioritizing security throughout the product development process. For more information and resources, visit CISA’s Secure by Design webpage or learn how to take CISA’s Secure by Design Pledge.
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of…
Today, CISA released the Microsoft Expanded Cloud Logs Implementation Playbook to help organizations get the…
Fortinet released security updates to address vulnerabilities in multiple Fortinet products. A cyber threat actor…
Today, CISA—along with U.S. and international partners—released joint guidance Secure by Demand: Priority Considerations for…
CISA released two Industrial Control Systems (ICS) advisories on January 7, 2025. These advisories provide…
CISA released four Industrial Control Systems (ICS) advisories on January 10, 2025. These advisories provide…
This website uses cookies.