CyberScoop reports that federal civilian agencies have been ordered by the Cybersecurity and Infrastructure Security Agency to provide regular reports on software vulnerabilities as part of a new directive aimed at improving vulnerability detection and asset visibility in federal networks.
Such a directive indicates CISA's evolving role in helping bolster network visibility across government agencies following the widespread SolarWinds supply chain attack, said CISA Director Jen Easterly.
"This is a movement essentially to allow CISA, in its role as operational lead for federal cybersecurity, to manage federal cybersecurity as an enterprise," Easterly noted.
Requiring software vulnerability reporting would also help CISA better understand varying cybersecurity postures of agenices, said Easterly, who also noted the directive's importance amid continuous cyberattacks against U.S. government networks and critical infrastructure.
"While this directive applies to federal civilian agencies, we urge all organizations to adopt the guidance in this directive to gain a complete understanding of vulnerabilities that may exist on their networks," she added.
Open-source artificial intelligence compute framework Ray has been found to be impacted by a critical vulnerability, tracked as CVE-2023-48023, which could be exploited to facilitate unauthorized node access, according to SecurityWeek.
Vulnerability management: Finding and fixing fatal flaws
Reducing silos between Developers and AppSec in your Software Supply Chain with Snyk and ServiceNow
Vulnerability management: Finding and fixing your fatal flaws
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news