CISA recommends getting rid of default passwords
Following our recent blog post about vulnerabilities in Programmable Logic Controllers, the Cybersecurity & Infrastructure Security Agency (CISA) is urging manufacturers to change or even get rid of default passwords altogether on equipment and software they manufacture. The agency went on to say that “studies by CISA show that the use of default credentials, such as passwords, is a top weakness that threat actors exploit to gain access to systems, including those within U.S. critical infrastructure”.
CISA has also released a new work product that provides guidance for secure-by-design open source software development in a broader effort to secure the software supply chain.
The document focuses on recommended practices for implementing open source software as well as tracking the use of open source code through a concept known as a “software bill of materials”. The document also provides guidance on how to select open source software, conduct risk assessments, maintaining open source software, and how to respond to vulnerabilities and threats.
You can read more about it by clicking here:
If you leverage any variation of open source software equipment you manufacture, you may want to pay close attention to this guidance as it could save you and your customers from potential vulnerabilities.