The Pentagon may require vendors certify their software is free of known flaws. Experts are split.
The debate is over whether the provision is unrealistic or if it's a game changing move to cut down on software vulnerabilities.
Advertisement
vulnerability disclosure
CISA advisory panel wants agency to act on election disinformation, multifactor authentication
CISA's director has 90 days to respond to the suggestions.
Project Zero researchers see promising trends in vulnerability fixes
Data from the Google-based team seems to reflect an industry getting faster at fixing bugs and deploying patches.
DHS establishes its own bug bounty program, offering outsiders $500 to $5K for discovering flaws
DHS follows in the footsteps of bug bounty initiatives for federal agencies that began in 2016.
CISA tells agencies to fix hundreds of software flaws, prep for future vulnerabilities
CISA wants agencies to tackle nearly 300 flaws in all, ranging from within two weeks to six months.
BlackBerry’s popular operating system for medical devices affected by critical vulnerabilities, drawing fed warnings
The disclosure expands the number of devices that could be at risk due to the "BadAlloc" flaw.
Advertisement
Mandiant, CISA urge ThroughTrek customers to fix software bug in millions of baby monitors, cameras
Security issues in the IoT industry run deep, and a single vulnerability often affects multiple vendors.
Multiple ransomware gangs pounce on ‘PrintNightmare’ vulnerability
For the second time in a week, security researchers have warned that extortionists exploited the critical flaw.
Biden budget seeks $750 million to respond to SolarWinds compromises, plus billions more for cyber
The proposal includes $9.8 billion for federal civilian agency cybersecurity, which excludes even more cyber funding at the Defense Department.
Market for software exploits is often focused on Microsoft flaws, years-old technology
Holes in popular software can yield major profits for criminals.