cisa
Safeguard articles tagged "cisa" — guides, analysis, and best practices for software supply chain and application security.
35 articles
Sisense Data Breach: When Your Analytics Platform Becomes the Threat
CISA issued a rare advisory urging Sisense customers to reset credentials after attackers compromised the business intelligence platform, potentially accessing customer data across thousands of organizations.
CISA's Secure by Design Pledge: Voluntary Commitments with Real Teeth
CISA launched a voluntary pledge asking software manufacturers to commit to specific security improvements. Over 100 companies signed. Here is what the pledge actually requires and whether it matters.
CISA Secure Software Development Attestation: What Vendors Must Know
CISA now requires software vendors selling to the US government to attest to secure development practices. Here's what the form demands and how to prepare.
CISA's Memory-Safe Languages Roadmap: What It Means for Software Development
CISA publishes a roadmap urging the industry to transition to memory-safe programming languages, targeting the root cause of roughly 70% of critical vulnerabilities.
CISA's Secure by Default: Shifting Responsibility to Software Manufacturers
CISA's Secure by Design guidance pushes software vendors to ship secure defaults and take ownership of customer security outcomes, fundamentally changing the security responsibility model.
CISA KEV Catalog: One Year Analysis of Known Exploited Vulnerabilities
After one year, the CISA KEV catalog has reshaped how organizations prioritize patching. Here's what the data tells us about real-world exploitation.
CISA Secure by Design Principles: What They Mean for Software Teams
CISA's Secure by Design initiative shifts security responsibility from users to manufacturers. Here's what it means for how you build software.
CISA Self-Attestation Form: What Software Producers Need to Know
OMB M-22-18 requires software producers selling to the federal government to self-attest to secure development practices. Here's what's required.
The Open Source Software Security Act of 2022: What It Means for Developers
The U.S. Senate introduced legislation directing CISA to secure open source software used by the federal government. Here's what the bill contains.
CISA SBOM Guidance: What Government Agencies Need to Know
CISA's evolving SBOM requirements are reshaping how government agencies procure and manage software. Here's what the guidance says and how to operationalize it.
CISA Known Exploited Vulnerabilities Catalog Launched
CISA's KEV catalog changes vulnerability management from theoretical risk to confirmed exploitation. Here's what it means and how to use it for prioritization.