How CISA can improve OSS security | allinfosecnews.com

Nov. 20, 2023, 2:55 p.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

By Jim Miller

The US government recently issued a request for information (RFI) about open-source software (OSS) security. In this blog post, we will present a summary of our response and proposed solutions. Some of our solutions include rewriting widely used legacy code in memory safe languages such as Rust, funding OSS solutions to improve compliance, sponsoring research and development of vulnerability tracking and analysis tools, and educating developers on how to reduce attack surfaces and manage complex features.

Background …

blog blog post cisa code funding government information languages legacy memory memory safe memory safe languages miller open-source software oss request response rfi rust safe security software solutions

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Zoom flaw enabled hijacking of accounts with access to meetings, team chat 37 minutes ago | malware.news

access accounts appomni article +18

2023-11-30 - DarkGate activity an hour ago | malware.news

analysis article darkgate link +5

Over $100M amassed by Black Basta from victims an hour ago | malware.news

april article basta black basta +7

Google: Taiwan facing deluge of Chinese cyberattacks an hour ago | malware.news

article bloomberg china chinese +10

Cyberattack at Japan's space agency confirmed an hour ago | malware.news

aerospace agency article bleepingcomputer +15

Shadowfax claimed to be hacked an hour ago | malware.news

actor article cyberattack demand +18

Third-party breach hits Dollar Tree an hour ago | malware.news

american article august bleepingcomputer +24

Novel DJVU ransomware variant emerges an hour ago | malware.news

article attacks cracked encrypted +10

Numerous malware spread in ongoing Apache ActiveMQ flaw exploitation an hour ago | malware.news

activemq apache apache activemq apache activemq vulnerability +21

Senior Vice President, Cybersecurity and Runtime Operations

@ 2U | US-MD-Lanham//US-Remote

View on infosec-jobs.com

Dreadnought Product Security Lead - Submarines

@ Rolls-Royce | Derby - Jubilee House (UK-JH)

View on infosec-jobs.com

Senior Product Security Engineer

@ Narvar | Hybrid - Bengaluru

View on infosec-jobs.com

Managing Consultant - Advisors Business Development

@ Mastercard | Mumbai, India

View on infosec-jobs.com

Principal Security Engineer

@ Highspot | Vancouver, BC

View on infosec-jobs.com

Incident Response Specialist

@ Wabtec | Bengaluru - KA - IND (ITC Greens)

View on infosec-jobs.com