我们的世界安全了吗？我们接近了吗？.pdf

1、October 11,2024C I S A|C Y B E R S E C U R I T Y A N D I N F R A S T R U C T U R E S E C U R I T Y A G E N C YIS OUR WORLD SECURE YET?(ARE WE EVEN CLOSE?):AN UPDATE ON CISAS SECURE BY DESIGN INITIATIVEKIRK LAWRENCE1October 11,2024Secure by Design Is HardIntroduction3October 11,2024In the past 18 mon

2、ths,CISA has1.Preached the gospel of Secure by Design2.Released the Secure by Design Pledge3.Published 6 Secure by Design Alerts and 11 Secure by Design Blogs4.Established a Working Group with CISA to coordinate SbD activities across 8 disparate workstreams.5.Continue to advance Software Bill-of-Mat

3、erials(SBOM)adoption across the USG and internationally,focusing on scaling and operationalizing SBOM tools to improve visibility into software products.6.Published an Open Source Software Security Roadmap that lays out our priorities for securing the open source software ecosystem.Worked to increas

4、e broad understanding of SbD principles in OS SW use and development.Background5October 11,20241.Manufacturers should take ownership of the security outcomes for their customers.The burden of safety should never fall solely upon the customer.2.Manufacturers should embrace radical transparency and ac

5、countability.3.Manufacturers should build organization structure and leadership to ensure safety is built in.Principles6October 11,2024Within a year,demonstrate measurable progress in the following areas:1.Increase the use of multi-factor authentication(MFA).2.Reduce default passwords across product

6、s.3.Reduce entire classes of vulnerabilities.4.Increase the installation of security patches by customers.5.Publish a vulnerability disclosure policy(VDP).6.Transparency in vulnerability reporting.(CVE)7.Increase in the ability for customer