CISA and FBI Release Joint Guidance on Product Security Bad Practices for Public Comment

Yesterday, CISA and the FBI released joint guidance on Product Security Bad Practices, giving an overview of exceptionally risky product security practices for software manufacturers who produce software in support of critical infrastructure or national critical functions. The guidance comes as part of CISA’s Secure by Design initiative that intends to help software manufacturers include proper security practices in the design of their products.

While this guidance is intended for software manufacturers, members are encouraged to utilize CISA’s Secure by Demand guidance which outlines the important role that software customers play in driving a secure technology ecosystem.

During next week’s October Cyber Resilience Briefing, WaterISAC will be pleased to welcome presenters from CISA’s Secure by Design initiative to discuss the role all stakeholders have in creating a more cyber secure future. The presenters will discuss practical steps for asset owners to demand security when in product, software, and service procurement discussions.

Access the full guide at CISA.