Cybernews reports that mounting cybersecurity threats against software, especially software used by critical infrastructure entities, have prompted the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to release updated joint security guidance that adds three more bad software development practices for software vendors to avoid.
Aside from warning against the use of archaic cryptographic platforms and unencrypted data storage, the guidance, which now details 13 suboptimal software development practices, also cautioned about the use of hardcoded secrets in critical infrastructure software source code and inadequate communications regarding product support periods.
Software providers should leverage compliant post-quantum cryptographic algorithms, modern TLS-encrypted sites, and secure secret managers, and should also expedite the remediation of known exploited vulnerabilities and adopt phishing-resistant multi-factor authentication to counter increasingly sophisticated cyber intrusions, the guidance said.