Cybersecurity agencies from the U.S., Canada, Australia, New Zealand and the U.K. are urging organizations to prioritize implementing secure-by-design practices and patching common vulnerabilities and exposures to reduce the risk of compromise by malicious cyber actors.
In a joint advisory, the agencies provided details on CVEs routinely and frequently exploited by threat actors in 2022 to compromise organizations and outlined common weakness enumerations associated with the vulnerabilities, the Cybersecurity and Infrastructure Security Agency said Thursday.
Technology vendors, designers and developers are recommended to implement secure design practices throughout the entire software development life cycle and establish a coordinated vulnerability disclosure program.
“With our partners, we urge all organizations to review our joint advisory, for every enterprise to prioritize mitigation of these vulnerabilities, and for every technology provider to take accountability for the security outcomes of their customers by reducing the prevalence of these vulnerabilities by design,” said Eric Goldstein, executive assistant director for cybersecurity at CISA.
