The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the MITRE-operated Homeland Security Systems Engineering and Development Institute (HSSEDI), has published a top 25 list of the most dangerous software vulnerabilities of 2024. According to MITRE, these 25 are the most common and most serious weaknesses underlying the 31,770 CVE records of 2024 and are frequently used by attackers to compromise systems, steal sensitive data or sabotage critical systems, CISA writes on its website.
Recommendation to developers, purchasers and security managers
The authority recommends that companies and public bodies take the list into account in their software security strategy. Considering the listed vulnerabilities in development and procurement processes helps to avoid security gaps at the core of the software lifecycle. Security managers should consider the top 25 in vulnerability management and application testing processes, and developers should consult them to identify potential high-priority vulnerabilities. According to MITRE, entire classes of weakness, such as memory-safety bugs, can be eliminated in this way. Product and development teams should integrate secure-by-design practices into their development processes wherever possible. Secure by design means that software manufacturers follow IT security best practices throughout the entire design and development process.
The list is also aimed at purchasers and risk managers: they should refer to the list when assessing providers and integrate secure-by-demand principles into their processes. Secure by Demand, on the other hand, means that buyers should ensure that they only purchase software from providers that follow CISA’s Secure by Design guidelines.
According to MITRE, incorporating the list into these processes can not only prevent security vulnerabilities from occurring, but also help analyze trends, prioritize risks and possibly reduce costs. Transparency in dealing with vulnerabilities and their management could also increase customer confidence.
(kst)
This article was originally published in German.
It was translated with technical assistance and editorially reviewed before publication.