IoT cybersecurity news

Secure Software Development Gets a Push from CISA

Pushing the boulder up the hill as CISA pushes for secure software deployment

In the wake of the CrowdStrike incident, the US Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Australian Signals Directorate (ASD) have issued new guidance aimed at fostering secure software deployment practices earlier in the software development lifecycle (SDLC). The recommendations emphasize the critical need to integrate security into every phase of the SDLC, ensuring robust testing and minimizing risks from flawed deployments.

In speaking with reporter John P. Mello Jr., technology leaders and industry experts have welcomed the framework. Experts from organizations including Gomboc.ai and Keeper Security say the recommendations are both “solid” and “relevant” for fostering safe and secure software deployments.

John Terrill, CISO at Phosphorus Cybersecurity, highlighted how the new recommendations dovetail with CISA’s earlier Secure by Design initiative, introduced in April.

“Secure by Design is not just an application security idea,” Terrill explained. “You want secure components, you want best practices around scanning code, testing, production—everything. But you also want to ensure it’s all deployed in a reasonable, controlled manner.”

Despite the initiative’s value, Terrill and others in the industry acknowledge that much of the advice is not new. “All of this is super common,” Terrill said, noting that the guidance serves as a reminder to prioritize fundamental practices.

He added, “I think this is a little bit of CYA. They’re just making sure they’ve got the information out there so nobody can say they didn’t state it.”

Read more at ReversingLabs and Security Boulevard for perspectives on this framework and the lessons learned from the CrowdStrike incident.


Read more from Phosphorus experts on recent cybersecurity news and trends in the following articles.

CISA’s Threat Sharing in a Death Spiral

Why CISA’s Plea to Network Defenders is a Forewarning for the Poor State of Security on ICS, OT, and IoT Cyber-Physical Systems

Finding Your ‘Creative Maliciousness’: John Terrill guests on Security Breach

Author

Daniel Craig

Dan is a versatile marketing strategist and media aficionado with more than 15 years in the space. Prior to Phosphorus, Dan led social/digital teams at Arc Worldwide, Leo Burnett, and through Trier & Company for brands like Allstate Mayhem, Mandiant, Miller Coors, Samsung, and GaN Systems. He just likes technology and making cool things work.