CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

Malicious cyber actors routinely exploit memory safety vulnerabilities, which are common coding errors and the most prevalent type of disclosed software vulnerability.
Preventing and responding to these vulnerabilities cost both software manufacturers and their customer organizations significant time and resources.
The Case for Memory Safe Roadmaps details how software manufacturers can transition to memory safe programming languages to eliminate memory safety vulnerabilities.
The guidance provides manufacturers steps for creating and publishing memory safe roadmaps that will show their customers how they are owning security outcomes, embracing radical transparency, and taking a top-down approach to developing secure products-key Secure by Design tenets.
CISA and our partners urge C-suite and technical experts at software manufacturers to read this guidance and implement memory safe roadmaps to eliminate memory safety vulnerabilities from their product.


This Cyber News was published on www.cisa.gov. Publication date: Wed, 06 Dec 2023 19:13:04 +0000


Cyber News related to CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps

CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps - Guide encourages software manufacturesto address memory safety vulnerabilities and implement secure by design principles. WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency, in partnership with the National Security Agency, ...
1 year ago Cisa.gov
CISA Releases Joint Guide for Software Manufacturers: The Case for Memory Safe Roadmaps - Malicious cyber actors routinely exploit memory safety vulnerabilities, which are common coding errors and the most prevalent type of disclosed software vulnerability. Preventing and responding to these vulnerabilities cost both software ...
1 year ago Cisa.gov
CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code - More than half of open-source projects contain code written in a memory-unsafe language, a report from the U.S.'s Cybersecurity and Infrastructure Security Agency has found. Memory-unsafe means the code allows for operations that can corrupt memory, ...
5 months ago Techrepublic.com
CISA: Most critical open source projects not using memory safe code - The U.S. Cybersecurity and Infrastructure Security Agency has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. The report, cosigned by CISA, the Federal Bureau of Investigation, as well as ...
6 months ago Bleepingcomputer.com
CISA adds Check Point Quantum Security Gateways and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog - CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog. CISA adds Google Chrome zero-days to its Known Exploited Vulnerabilities catalog. CISA adds ...
6 months ago Securityaffairs.com
CISA's Flags Memory-Unsafe Code in Major Open Source Projects - A comprehensive new study has unearthed fresh details on the extensive and troubling use of memory-unsafe code in major open source software projects. The chances that fresh insight on a long known issue will spur any immediate changes to the ...
5 months ago Darkreading.com
CISA to Developers: Adopt Memory Safe Programming Languages - Software makers need to embrace the growing number of newer programming languages that protect memory to reduce the number of security vulnerabilities in their products, according to cybersecurity agencies in the United States and other countries. ...
1 year ago Securityboulevard.com
CISA pledges to resolve issues with threat sharing system after watchdog report - On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s ...
2 months ago Therecord.media
CISA and Partners Release Guidance for Exploring Memory Safety in Critical Open Source Projects - This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software. This joint guidance builds on the guide The Case for Memory Safe Roadmaps by providing a starting point for software ...
6 months ago Cisa.gov
CISA Releases Key Risk and Vulnerability Findings for Healthcare and Public Health Sector - WASHINGTON - The Cybersecurity and Infrastructure Security Agency published a Cybersecurity Advisory, Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment, detailing the agency's key ...
1 year ago Cisa.gov
How Hospitals Can Help Improve Medical Device Data Security - COMMENTARY. Hospitals and medical device manufacturers must team up to help create a secure environment to protect the personal health information derived from patient monitors and other medical devices. For some time, this notion of shared ...
10 months ago Darkreading.com
Latest Information Security and Hacking Incidents - The NSA and CISA have released a set of five cybersecurity bulletins to help make cloud environments safer. These bulletins share important tips for keeping cloud systems secure, which are used a lot by businesses. Cloud services are popular because ...
9 months ago Cysecurity.news
Enabling Threat-Informed Cybersecurity: Evolving CISA's Approach to Cyber Threat Information Sharing - One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country. Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange ...
1 year ago Cisa.gov
CISA's OT Attack Response Team Understaffed: GAO - The US Government Accountability Office has conducted a study focusing on the operational technology cybersecurity products and services offered by CISA and found that some of the security agency's teams are understaffed. OT environments continue to ...
9 months ago Securityweek.com
Tracking Cybersecurity Progress at Industrial Companies - Although cybersecurity has become a priority at many manufacturing companies, risks have increased at the same time. To better understand how companies are addressing heightened risks, Manufacturers Alliance and Fortinet partnered to study the ...
1 year ago Feeds.fortinet.com
New NCCoE Guide Helps Major Industries Observe Incoming Data While Using Latest Internet Security Protocol - PRESS RELEASE. Companies in major industries such as finance and health care must follow best practices for monitoring incoming data for cyberattacks. The latest internet security protocol, known as TLS 1.3, provides state-of-the-art protection, but ...
10 months ago Darkreading.com
CISA Unveils Healthcare Cybersecurity Guide - The US Cybersecurity and Infrastructure Security Agency has released a Mitigation Guide specifically tailored for the Healthcare and Public Health sector. The new guide outlines defensive mitigation strategies and best practices to counteract ...
1 year ago Infosecurity-magazine.com
Cybersecurity Performance Goals: Assessing How CPGs Help Organizations Reduce Cyber Risk - In October 2022, CISA released the Cybersecurity Performance Goals to help organizations of all sizes and at all levels of cyber maturity become confident in their cybersecurity posture and reduce business risk. Earlier this summer, CISA outlined ...
1 year ago Cisa.gov
CISA posts incident response guide for water utilities - CISA warned of cyberthreats against the water and wastewater sector in an incident response guide published Thursday. The incident response guide, which the U.S. cybersecurity agency published jointly with the FBI and Environmental Protection Agency, ...
11 months ago Techtarget.com
CISA Issues Request For Information on Secure by Design Software Whitepaper - WASHINGTON - Today, the Cybersecurity and Infrastructure Security Agency published a Request for Information from all interested parties on secure by design software practices, including the Shifting the Balance of Cybersecurity Risk: Principles and ...
1 year ago Cisa.gov
Securing Tomorrow: A Recap of CISA's Cyber Resilient 911 Symposium - CISA's Emergency Communications Division spearheaded the Cyber Resilient 911 Program's fourth regional symposium, which included CISA Regions 5 and 7. Among the attendees were state 911 administrators, representatives from 911 centers, IT/cyber ...
7 months ago Cisa.gov
New Microsoft Incident Response team guide shares best practices for security teams and leaders - The incident response process can be a maze that security professionals must quickly learn to navigate-which is no easy task. Surprisingly, many organizations still lack a coordinated incident response plan, and even fewer consistently apply it. ...
1 year ago Microsoft.com
CISA Has a New Road Map for Handling Weaponized AI - Last month, a 120-page United States executive order laid out the Biden administration's plans to oversee companies that develop artificial intelligence technologies and directives for how the federal government should expand its adoption of AI. At ...
1 year ago Wired.com
What Is Software Piracy? - Software piracy has become a worldwide issue, with China, the United States and India being the top three offenders. In 2022, 6.2% of people worldwide visited software piracy websites. Software piracy doesn't require a hacker or skilled coder. Any ...
1 year ago Pandasecurity.com
CISA: Black Basta ransomware breached over 500 orgs worldwide - CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. In a joint report published in collaboration with the Department of Health and Human Services and the Multi-State ...
7 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)