CISA, FBI Update Software Security Recommendations 

Summary: The US cybersecurity agencies CISA and the FBI have updated their guidance on risky software security practices, incorporating feedback from a public comment period. This guidance, known as Product Security Bad Practices, outlines exceptionally risky practices and offers recommendations for software manufacturers, particularly those in critical infrastructure. The document emphasizes the importance of prioritizing security in software development to reduce risks for customers.

Threat Actor: CISA and FBI
Victim: Software Manufacturers

Key points:

  • Guidance includes risky practices related to product properties, security features, and organizational processes.
  • Three new bad practices added, including hardcoded credentials and insecure cryptographic functions.
  • Emphasis on the need for phishing-resistant multi-factor authentication (MFA) and timely publication of vulnerabilities.

Source: https://www.securityweek.com/cisa-fbi-update-software-security-recommendations/