Daily News

CISA updates bad practices guide for product security based on stakeholder input

By Jacob Livesay / January 20, 2025

The Cybersecurity and Infrastructure Security Agency and the FBI have published an updated version of a controversial guide outlining bad product development practices that stakeholders see as a potential launchpad for standing up a software liability regime.

“This updated guidance incorporates public comments CISA received in response to a Request for Information, adding additional bad practices, context regarding memory-safe languages, clarifying timelines for patching Known Exploited Vulnerabilities (KEVs), and other recommendations,” CISA says in a Jan. 17 announcement.

CISA ...

form.antibot { display: none !important; } You must have JavaScript enabled to use this form.

CISA updates bad practices guide for product security based on stakeholder input

Log in to access this content.

Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.