Hi All,
CISA just published Secure by Design - How Software Manufacturers Can Shield Web Management Interfaces From Malicious Cyber Activity
Secure by Design Lessons to Learn
"Secure by design" means that software manufacturers build their products in a way that reasonably protects against malicious cyber actors successfully exploiting vulnerabilities in their products. Baking in this risk mitigation, in turn, reduces the burden of cybersecurity on customers. Exploitation of vulnerabilities in web management interfaces continues to cause significant harm to organizations around the world-but can be avoided at scale. CISA urges software manufacturers to learn from ongoing malicious cyber activity against web management interfaces by reviewing the principles below.
Action Item for Software Manufacturers
To shield their customers from malicious cyber activity targeting web management interfaces, software manufacturers should adopt the principles set forth in Shifting the Balance of Cybersecurity Risk and publish their own secure-by-design roadmap that demonstrates that they are not simply implementing tactical controls but are rethinking their role in keeping customers secure.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------