CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps

Guide encourages software manufacturesto address memory safety vulnerabilities and implement secure by design principles.
WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency, in partnership with the National Security Agency, Federal Bureau of Investigation, and international cybersecurity authorities from Australia, Canada, New Zealand, and the United Kingdom, published a joint guide, The Case for Memory Safe Roadmaps: Why both C-Suite Executives and Technical Experts Need to Take Memory Safe Coding Seriously, as part of our collective Secure by Design campaign to address the critical issue of memory safety vulnerabilities in programming languages.
Memory safety vulnerabilities are the most prevalent type of disclosed software vulnerability; they affect how memory can be accessed, written, allocated, or deallocated in unintended ways in programming languages.
As the most prevalent vulnerability, software manufacturers are consistently releasing updates that their customers must continually patch.
Previous attempts at solving the problem have made only partial gains, and currently, two-thirds of reported vulnerabilities in memory unsafe programming languages still relate to memory issues.
The guide strongly encourages executives of software manufacturers to prioritize using memory safe programing languages, write and publish memory safe roadmaps and implement changes to eliminate this class of vulnerability and protect their customers.
Software developers and support staff should develop the roadmap, which should detail how the manufacturer will modify their software development life cycle to dramatically reduce and eventually eliminate memory unsafe code in their products.
This guidance also provides a clear outline of elements that a memory safe roadmap should include.
By creating a memory safe roadmap, manufacturers will signal to customers that they are embracing key Secure by Design principles of taking ownership of their security outcomes, adopting radical transparency, and taking a top-down approach.
With our partners, CISA encourages stakeholders, partners, and software manufacturers to review the guide and implement recommended action.
About CISA. As the nation's cyber defense agency and national coordinator for critical infrastructure security, the Cybersecurity and Infrastructure Security Agency leads the national effort to understand, manage, and reduce risk to the digital and physical infrastructure Americans rely on every hour of every day.


This Cyber News was published on www.cisa.gov. Publication date: Wed, 06 Dec 2023 18:43:05 +0000


Cyber News related to CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps

CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps - Guide encourages software manufacturesto address memory safety vulnerabilities and implement secure by design principles. WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency, in partnership with the National Security Agency, ...
11 months ago Cisa.gov
CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code - More than half of open-source projects contain code written in a memory-unsafe language, a report from the U.S.'s Cybersecurity and Infrastructure Security Agency has found. Memory-unsafe means the code allows for operations that can corrupt memory, ...
5 months ago Techrepublic.com
CISA: Most critical open source projects not using memory safe code - The U.S. Cybersecurity and Infrastructure Security Agency has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. The report, cosigned by CISA, the Federal Bureau of Investigation, as well as ...
5 months ago Bleepingcomputer.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
6 months ago Securityaffairs.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
2 months ago Therecord.media
CISA to Developers: Adopt Memory Safe Programming Languages - Software makers need to embrace the growing number of newer programming languages that protect memory to reduce the number of security vulnerabilities in their products, according to cybersecurity agencies in the United States and other countries. ...
11 months ago Securityboulevard.com
CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps - Malicious cyber actors routinely exploit memory safety vulnerabilities, which are common coding errors and the most prevalent type of disclosed software vulnerability. Preventing and responding to these vulnerabilities cost both software ...
11 months ago Cisa.gov
CISA's Flags Memory-Unsafe Code in Major Open Source Projects - A comprehensive new study has unearthed fresh details on the extensive and troubling use of memory-unsafe code in major open source software projects. The chances that fresh insight on a long known issue will spur any immediate changes to the ...
5 months ago Darkreading.com
US Congress Report Calls for Privacy Reforms After FBI Surveillance 'Abuses' - The FBI and the Biden administration at large have lobbied Congress to reauthorize the 702 program as is, ignoring calls for reform that have grown louder since the beginning of the year, manifesting this month in the form of a comprehensive privacy ...
1 year ago Wired.com
NSA Releases 2023 Cybersecurity Year in Review Report - This document highlights the agency's achievements in enhancing national security through cybersecurity. It emphasizes the value of NSA's collaborations with U.S. government agencies, international allies, and the Defense Industrial Base, underlining ...
11 months ago Heimdalsecurity.com
How to become a cybersecurity architect - Cybersecurity architects implement and maintain a comprehensive cybersecurity framework to protect their company's digital assets. The cybersecurity architect position is a fundamental role that all organizations need, said Lester Nichols, director ...
5 months ago Techtarget.com
Latest Information Security and Hacking Incidents - The NSA and CISA have released a set of five cybersecurity bulletins to help make cloud environments safer. These bulletins share important tips for keeping cloud systems secure, which are used a lot by businesses. Cloud services are popular because ...
8 months ago Cysecurity.news
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
11 months ago Cisa.gov
Fortinet Contributes to World Economic Forum's Strategic Cybersecurity Talent Framework - Shining a light on the cybersecurity workforce challenge, the World Economic Forum recently published its Strategic Cybersecurity Talent Framework, which is intended to serve as a reference for public and private decision-makers concerned by the ...
6 months ago Feeds.fortinet.com
NSA Publishes 2023 Cybersecurity Year in Review > National Security Agency/Central Security Service > Press Release View - FORT MEADE, Md.-The National Security Agency published its 2023 Cybersecurity Year in Review today to share its recent cybersecurity successes and how it is working with partners to deliver on cybersecurity advances that enhance national security. ...
11 months ago Nsa.gov
NSA Blocked 10 Billion Connections to Malicious and Suspicious Domains - The National Security Agency's domain security service blocked 10 billion user connections to known malicious or suspicious domains, the agency notes in an annual report. Published on Tuesday, the NSA's 2023 Cybersecurity Year in Review report ...
11 months ago Securityweek.com
States and Congress Wrestle With Cybersecurity After Iran Attacks Small Town Water Utilities - The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack. Then it - along with several other water utilities - was struck by what federal authorities say are Iranian-backed ...
11 months ago Securityweek.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
11 months ago Cisa.gov
How the FBI seized BlackCat ransomware's servers - An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs. Today, the US Department of Justice confirmed that they seized websites for the ALPHV ransomware ...
11 months ago Bleepingcomputer.com
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims - The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation. In the joint advisory published today in collaboration ...
11 months ago Bleepingcomputer.com
New Hunters International ransomware possible rebrand of Hive - A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag. This theory is supported by ...
1 year ago Bleepingcomputer.com
Student Cybersecurity Clubs: Fostering Online Safety - Student cybersecurity clubs are playing a crucial role in promoting online safety among students. Student cybersecurity clubs play a vital role in this regard, as they provide a platform for students to learn about the latest threats, share best ...
11 months ago Securityzap.com
CISA posts incident response guide for water utilities - CISA warned of cyberthreats against the water and wastewater sector in an incident response guide published Thursday. The incident response guide, which the U.S. cybersecurity agency published jointly with the FBI and Environmental Protection Agency, ...
10 months ago Techtarget.com
ASD’s ACSC, CISA, FBI, NSA, and International Partners Release Guidance on Principles of OT Cybersecurity for Critical Infrastructure Organizations | CISA - For more information on OT cybersecurity, review our Industrial Control Systems page and the Joint Cybersecurity Advisory Immediate Actions to Reduce Exposure Across Operational Technologies and Control Systems to help critical infrastructure ...
2 months ago Cisa.gov
Cybersecurity Curriculum Development Tips - In this article, we will explore essential tips for developing a comprehensive and up-to-date cybersecurity curriculum. By staying abreast of the latest industry trends, educational program developers can ensure that their curriculum remains relevant ...
11 months ago Securityzap.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)