The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released joint guidance on Product Security Bad Practices, a component of CISA's Secure by Design initiative, aimed at software manufacturers supporting critical infrastructure. The guidance groups risky practices into three categories (product properties, security features, and organizational processes) and provides insights, recommended actions, and resources. While it targets makers of software for critical functions, all developers are advised to steer clear of these practices to enhance customer security.

 CISA and FBI issued guidelines on product security bad practices

The public commentary phase starts immediately and extends until December 2, 2024, allowing stakeholders to share feedback through the Federal Register, emphasizing the importance of prioritizing security in the software development lifecycle.
https://www.cisa.gov/news-events/alerts/2024/10/16/cisa-and-fbi-release-joint-guidance-product-security-bad-practices-public-comment