The Cybersecurity and Infrastructure Security Agency (CISA) is soliciting comments on its upcoming Product Security Bad Practices guidance, part of the Secure by Design initiative. The guidance focuses on risky practices for organizations supporting critical infrastructure and offers software manufacturers recommendations, for voluntary adoption, on mitigating those risks. The draft is organized into three categories: product properties, security features, and organizational processes. It outlines areas such as default passwords, lack of vulnerability disclosure policies, and more. Stakeholders are invited to provide input by December 2, 2024, to enhance the guidance, which aims to instill a culture of cybersecurity at the core of product development and to signal manufacturers' commitment to customer security.

CISA is seeking feedback on guidance for product security flaws