CyberSecurityBoard
Sponsor Register Login

CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

Malicious cyber actors routinely exploit memory safety vulnerabilities, which are common coding errors and the most prevalent type of disclosed software vulnerability.
Preventing and responding to these vulnerabilities cost both software manufacturers and their customer organizations significant time and resources.
The Case for Memory Safe Roadmaps details how software manufacturers can transition to memory safe programming languages to eliminate memory safety vulnerabilities.
The guidance provides manufacturers steps for creating and publishing memory safe roadmaps that will show their customers how they are owning security outcomes, embracing radical transparency, and taking a top-down approach to developing secure products-key Secure by Design tenets.
CISA and our partners urge C-suite and technical experts at software manufacturers to read this guidance and implement memory safe roadmaps to eliminate memory safety vulnerabilities from their product.


This Cyber News was published on www.cisa.gov. Publication date: Wed, 06 Dec 2023 19:13:04 +0000


Cyber News related to CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps - Guide encourages software manufacturesto address memory safety vulnerabilities and implement secure by design principles. WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency, in partnership with the National Security Agency, ...
7 months ago Cisa.gov
CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps - Malicious cyber actors routinely exploit memory safety vulnerabilities, which are common coding errors and the most prevalent type of disclosed software vulnerability. Preventing and responding to these vulnerabilities cost both software ...
7 months ago Cisa.gov
CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code - More than half of open-source projects contain code written in a memory-unsafe language, a report from the U.S.'s Cybersecurity and Infrastructure Security Agency has found. Memory-unsafe means the code allows for operations that can corrupt memory, ...
6 days ago Techrepublic.com
CISA: Most critical open source projects not using memory safe code - The U.S. Cybersecurity and Infrastructure Security Agency has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. The report, cosigned by CISA, the Federal Bureau of Investigation, as well as ...
1 week ago Bleepingcomputer.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
1 month ago Securityaffairs.com
CISA to Developers: Adopt Memory Safe Programming Languages - Software makers need to embrace the growing number of newer programming languages that protect memory to reduce the number of security vulnerabilities in their products, according to cybersecurity agencies in the United States and other countries. ...
7 months ago Securityboulevard.com
CISA's Flags Memory-Unsafe Code in Major Open Source Projects - A comprehensive new study has unearthed fresh details on the extensive and troubling use of memory-unsafe code in major open source software projects. The chances that fresh insight on a long known issue will spur any immediate changes to the ...
1 week ago Darkreading.com
CISA and Partners Release Guidance for Exploring Memory Safety in Critical Open Source Projects - This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software. This joint guidance builds on the guide The Case for Memory Safe Roadmaps by providing a starting point for software ...
1 week ago Cisa.gov
CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector - WASHINGTON - The Cybersecurity and Infrastructure Security Agency published a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, detailing the agency's key ...
6 months ago Cisa.gov
How Hospitals Can Help Improve Medical Device Data Security - COMMENTARY. Hospitals and medical device manufacturers must team up to help create a secure environment to protect the personal health information derived from patient monitors and other medical devices. For some time, this notion of shared ...
4 months ago Darkreading.com
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
6 months ago Cisa.gov
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
3 months ago Securityweek.com
Latest Information Security and Hacking Incidents - The NSA and CISA have released a set of five cybersecurity bulletins to help make cloud environments safer. These bulletins share important tips for keeping cloud systems secure, which are used a lot by businesses. Cloud services are popular because ...
3 months ago Cysecurity.news
Tracking Cybersecurity Progress at Industrial Companies - Although cybersecurity has become a priority at many manufacturing companies, risks have increased at the same time. To better understand how companies are addressing heightened risks, Manufacturers Alliance and Fortinet partnered to study the ...
7 months ago Feeds.fortinet.com
New NCCoE Guide Helps Major Industries Observe Incoming Data While Using Latest Internet Security Protocol - PRESS RELEASE. Companies in major industries such as finance and health care must follow best practices for monitoring incoming data for cyberattacks. The latest internet security protocol, known as TLS 1.3, provides state-of-the-art protection, but ...
5 months ago Darkreading.com
CISA Unveils Healthcare Cybersecurity Guide - The US Cybersecurity and Infrastructure Security Agency has released a Mitigation Guide specifically tailored for the Healthcare and Public Health sector. The new guide outlines defensive mitigation strategies and best practices to counteract ...
7 months ago Infosecurity-magazine.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
7 months ago Cisa.gov
CISA posts incident response guide for water utilities - CISA warned of cyberthreats against the water and wastewater sector in an incident response guide published Thursday. The incident response guide, which the U.S. cybersecurity agency published jointly with the FBI and Environmental Protection Agency, ...
5 months ago Techtarget.com
CISA Issues Request For Information on Secure by Design Software Whitepaper - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency published a Request for Information from all interested parties on secure by design software practices, including the Shifting the Balance of Cybersecurity Risk: Principles and ...
6 months ago Cisa.gov
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
1 month ago Cisa.gov
Memory-Safe Programming Languages are on the Rise: Here's How Developers Should Respond - Memory-safe programming languages are rapidly becoming more used as developers strive to create more reliable and secure coding environments. These languages are designed to ensure that programs execute properly by eliminating off-by-one errors and ...
1 year ago Zdnet.com
New Microsoft Incident Response team guide shares best practices for security teams and leaders - The incident response process can be a maze that security professionals must quickly learn to navigate-which is no easy task. Surprisingly, many organizations still lack a coordinated incident response plan, and even fewer consistently apply it. ...
6 months ago Microsoft.com
What Is the Android Files Safe Folder and How Do You Use It? - The Android Files safe folder is a great way to ensure that your files and data remain safe and secure on your Android device. The Files safe folder is a feature of the Android Files app, a part of the Google Files suite of app. This folder ...
1 year ago Zdnet.com
CISA Has a New Road Map for Handling Weaponized AI - Last month, a 120-page United States executive order laid out the Biden administration's plans to oversee companies that develop artificial intelligence technologies and directives for how the federal government should expand its adoption of AI. At ...
7 months ago Wired.com
Incident Response Guide for the WWS Sector - Today, CISA, the Federal Bureau of Investigation, and the Environmental Protection Agency released a joint Incident Response Guide for the Water and Wastewater Systems Sector. The guide includes contributions from over 25 WWS Sector organizations ...
5 months ago Cisa.gov

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)