Product Security: Bad Coding Practices
A Bit of Security for October 25, 2024
CISA and the FBI have jointly published their guide to Product Security Bad Practices. It lists ten really bad ideas you should avoid when you develop code, either as a vendor or as an organization that writes code in the normal course of business. The ten bad ideas are:
1. Developing in memory-unsafe languages
2. Allowing user-provided input into SQL queries
3. Allowing user-provided input to OS commands
4. Allowing default passwords
5. Including known exploited vulnerabilities in production code
6. Using Open-Source Software with known exploited vulnerabilities
7. Not using multifactor authentication
8. Failing to gather data about intrusions (logging)
9. Failing to publish timely CVEs with relevant CWE (common weakness enumeration)
10. Failing to publish a vulnerability disclosure policy
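Items 2 and 3 are the two on the list that show up as concrete lines of code, so here is an added illustration (not from the CISA/FBI document) of each bad practice next to its fix: a SQL lookup built by string formatting versus a bound parameter, and an OS command run through `shell=True` versus an argument list. The table, user names and probe strings are constructed for the demonstration.

```python
import sqlite3
import subprocess

# Constructed sample data for the demonstration; not from the CISA/FBI document.
SAMPLE_USERS = [("alice", "admin"), ("bob", "user"), ("carol", "user")]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    # Bad practice 2: the caller's string becomes part of the SQL text, so the
    # database cannot tell data apart from query syntax.
    query = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(query)]


def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    # Fix: a bound parameter. The value travels separately from the query text
    # and is only ever compared as data, never parsed as SQL.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def echo_unsafe(text: str) -> str:
    # Bad practice 3: shell=True hands the whole string to /bin/sh, so shell
    # metacharacters in the input are interpreted as command syntax.
    result = subprocess.run("echo " + text, shell=True, capture_output=True, text=True)
    return result.stdout


def echo_safe(text: str) -> str:
    # Fix: an argument list and no shell. The input reaches echo as a single
    # argument; nothing parses it for metacharacters.
    result = subprocess.run(["echo", text], capture_output=True, text=True)
    return result.stdout


if __name__ == "__main__":
    db = build_db()
    probe = "x' OR '1'='1"                 # constructed input containing SQL syntax
    print(lookup_unsafe(db, probe))        # every user: the WHERE clause was rewritten
    print(lookup_safe(db, probe))          # []: no user has that literal name
    shell_probe = "hello; echo extra"      # constructed input containing shell syntax
    print(repr(echo_unsafe(shell_probe)))  # 'hello\nextra\n': two commands ran
    print(repr(echo_safe(shell_probe)))    # 'hello; echo extra\n': one argument
```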
See for more details. You can download the document and, for the moment, even comment on it, here:
The CISA and FBI jointly released a list of Ten Bad Ideas to avoid when you write code. Listen to this -
Let me know what you think in the comments below or at wjmalik@noc.social
#cybersecuritytips #safecode #CIE #securebydemand #securebydesign #badcode #BitofSec