Vendors, designers, and developers:
- Implement secure-by-design and -default principles and tactics to reduce the prevalence of vulnerabilities in your software.
- Follow the Secure Software Development Framework (SSDF), also known as SP 800-218, and implement secure design practices into each stage of the software development life cycle (SDLC). As part of this, establish a coordinated vulnerability disclosure program that includes processes to determine root causes of discovered vulnerabilities.
- Prioritize secure-by-default configurations, such as eliminating default passwords or requiring additional configuration changes to enhance product security.
- Ensure that published CVEs include the proper CWE field identifying the root cause of the vulnerability.
End-user organizations:
- Apply timely patches to systems. Note: First check for signs of compromise if CVEs identified in this CSA have not been patched.
- Implement a centralized patch management system.
- Use security tools, such as endpoint detection and response (EDR), web application firewalls, and network protocol analyzers.
- Ask your software providers to discuss their secure-by-design program and to provide links to information about how they are working to remove classes of vulnerabilities and to set secure default settings.
