The Cybersecurity and Infrastructure Security Agency and the FBI have released a joint alert urging technology manufacturers to eliminate SQL injection vulnerabilities in software.
The Secure by Design Alert was issued in response to a recent exploitation of SQLi vulnerabilities in a managed file transfer application to target users of the application, CISA said Monday.
The bureau and CISA called on senior executives at tech manufacturing firms to conduct a formal review of their code to determine its risks to SQLi compromises.
“If they discover their code has vulnerabilities, senior executives should ensure their organizations’ software developers immediately begin implementing mitigations to eliminate this entire class of defect from all current and future software products. Building security into products from the beginning can eliminate SQLi vulnerabilities,” the alert states.
The two agencies urged manufacturers to assess the joint guidance’s three principles: taking ownership of customer security outcomes, embracing radical transparency and accountability and building organizational structure and leadership to achieve the goals.
