我們的世界安全了嗎？我們接近了嗎？.pdf

1、October 11,2024C I S A|C Y B E R S E C U R I T Y A N D I N F R A S T R U C T U R E S E C U R I T Y A G E N C YIS OUR WORLD SECURE YET?(ARE WE EVEN CLOSE?):AN UPDATE ON CISAS SECURE BY DESIGN INITIATIVEKIRK LAWRENCE1October 11,2024Secure by Design Is HardIntroduction3October 11,2024In the past 18 mon

2、ths,CISA has1.Preached the gospel of Secure by Design2.Released the Secure by Design Pledge3.Published 6 Secure by Design Alerts and 11 Secure by Design Blogs4.Established a Working Group with CISA to coordinate SbD activities across 8 disparate workstreams.5.Continue to advance Software Bill-of-Mat

3、erials(SBOM)adoption across the USG and internationally,focusing on scaling and operationalizing SBOM tools to improve visibility into software products.6.Published an Open Source Software Security Roadmap that lays out our priorities for securing the open source software ecosystem.Worked to increas

4、e broad understanding of SbD principles in OS SW use and development.Background5October 11,20241.Manufacturers should take ownership of the security outcomes for their customers.The burden of safety should never fall solely upon the customer.2.Manufacturers should embrace radical transparency and ac

5、countability.3.Manufacturers should build organization structure and leadership to ensure safety is built in.Principles6October 11,2024Within a year,demonstrate measurable progress in the following areas:1.Increase the use of multi-factor authentication(MFA).2.Reduce default passwords across product

6、s.3.Reduce entire classes of vulnerabilities.4.Increase the installation of security patches by customers.5.Publish a vulnerability disclosure policy(VDP).6.Transparency in vulnerability reporting.(CVE)7.Increase in the ability for customers to gather evidence of intrusions.October 11,2024Secure by

7、Demand16CISA Goal:Offer resources that organizations can leverage to assess product security maturity that aligns with our Secure by Design Principles.October 11,2024CISAS SbD Impact17Have we made the world more secure?_()_/October 11,20241.Dont lose sight of the goal and dont lose faith.2.Be an Advocate.3.Celebrate the Mundane.4.Contribute to the Data Set.Call to Action18October 11,202419Questions?Email:securebydesigncisa.dhs.govOctober 11,202420