Federal open source software cybersecurity guidance for OT, ICS unveiled

New cybersecurity guidance from the U.S. Department of Treasury, the Cybersecurity and Infrastructure Security Agency, the National Security Agency, and the FBI addresses open source software usage in industrial control systems and operational technology environments. It recommends not only up-to-date patches and security updates for all OT and IT systems but also the application of "secure-by-design" and "secure-by-default" philosophies in software development, reports SecurityWeek.

Attempted exploitation of software updates to compromise the OT supply chain should also prompt increased verifiability and transparency, according to the joint guidance.

"A reliable software supply chain for an OT system with OSS components provides assurance the system will behave as intended at the time of acquisition and that all OSS components have been appropriately vetted prior to use. This is also true for software supply chain information in general," wrote the agencies, which also urged the advancement of vulnerability management and reporting, as well as strengthened authentication and authorization policies for the OT/ICS industry.
