CISA, the government agency tasked with securing the U.S.’ cyber and physical infrastructure, has released new Information Technology (IT) Sector-Specific Goals (SSGs). According to the organization, the IT SSGs complement Cross-Sector Cybersecurity Performance Goals (CPGs) and offer “additional voluntary practices with high-impact security actions.” Organizations can use them to improve the security of their software … continue reading
A new report from CISA, the FBI, the Australian Cyber Security Centre (ACSC), and the Canadian Centre for Cyber Security (CCCS) analyzed 172 critical OpenSSF projects and found that 52% of them contain code written in a memory-unsafe language. The report also found that 55% of the total lines of code for all projects were … continue reading
A number of security-focused groups have announced they are teaming up on a new open-source project to help secure software supply chains: Protobom. The project was created jointly by the Open Source Security Foundation (OpenSSF), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Homeland Security Science and Technology Directorate (DHS S&T). Protobom allows … continue reading
As part of its ongoing efforts to improve cybersecurity, the Biden-Harris Administration has announced that it has approved a secure software development attestation form. The form, which was jointly developed by CISA and the Office of Management and Budget (OMB), will be required to be filled out by any company providing software that the Government … continue reading
This week the Cybersecurity and Infrastructure Security Agency (CISA) held a two day summit with open source software (OSS) leaders, intending to continue its work advancing security of OSS. Over the course of the Open Source Software (OSS) Security Summit, CISA laid out three key actions that it will be taking. First, it will work … continue reading
As we bid farewell to another year, it is crucial to reflect on the threats of cyberattacks and ransomware and think of how to mitigate them moving forward. However, this year feels a bit different – marked by the unknown of what challenges AI will bring to the security landscape in the new year. This … continue reading
The Cybersecurity and Infrastructure Security Agency (CISA) has just published a roadmap for safely and responsibly utilizing AI. This follows President Biden’s Executive Order on AI last month. “In last month’s Executive Order, the President called on DHS to promote the adoption of AI safety standards globally and help ensure the safe, secure, and responsible … continue reading
Securing software supply chains has been a big focus of the Biden administration. In May 2021 President Joe Biden signed an executive order to improve cybersecurity, and since then it has made progress in providing guidance to companies on how to actually meet these cybersecurity goals. Now the U.S. federal Cybersecurity & Infrastructure Security Agency … continue reading
Software security is improving, but this past year still saw hacks and security breaches. In 2015, companies were creating new tools or initiatives to make sure data and critical information were protected, but with a fair share of leaks and hacks, the wait for a solution to software security continues. Unlike other approaches to security, … continue reading
Google wants students to go beyond an Hour of Code. The company has announced the Google Code-in competition, a seven-week competition where students work on real software projects and get help from mentors. Students can browse from hundreds of tasks from 14 open-source organizations ranging from healthcare, desktop and portable computing, to game development, and … continue reading
A controversial cybersecurity bill passed the U.S. Senate yesterday by a 74-21 vote, despite opposition from organizations and businesses that claimed the measure does not support the idea of a free and open Internet. The Cybersecurity Information Sharing Act (CISA), if signed into law by President Barack Obama, would allow businesses and government agencies to … continue reading
A group of tech companies are banding together to become Fight for the Future, an organization dedicated to giving everyone access to the Internet’s resources and fighting against CISA, a controversial cybersecurity bill. The coalition announced that Google has joined in the fight to stop the bill, which could reach the Senate as early as … continue reading
