Today, CISA and FBI released a Secure by Design Alert, Eliminating Cross-Site Scripting Vulnerabilities, as a part of our ongoing effort to reduce the prevalence of vulnerability classes at scale. Vulnerabilities like cross-site scripting (XSS) continue to appear in software, enabling threat actors to exploit them. However, cross-site scripting vulnerabilities are preventable and should not be present in software products.

CISA and FBI urge CEOs and other business leaders at technology manufacturers to direct their technical leaders/teams to review past instances of these defects and create a strategic plan to prevent them in the future.

Visit our website to learn more about the principles of Secure by Design, take the Secure by Design Pledge, and stay informed on the latest Secure by Design Alerts.
