On December 15, 2023, the Cybersecurity and Infrastructure Security Agency (CISA) issued Secure by Design alerts and guidance on how manufacturers can protect their customers by eliminating default passwords.
The guidance was created by CISA and “encourages technology manufacturers to implement Principles 1 and 3 of the Joint Guidance: Shifting the Balance of Cybersecurity Risk: Principles and Approaches to Securing Software” to proactively eliminate the risk of default password abuse. The two principles are:
- Take responsibility for customer security outcomes.
- Build the organizational structure and leadership to achieve these goals.
CISA’s conclusion is that if software manufacturers implement these two principles, they can “prevent the abuse of static default passwords on their customers’ systems.” Because threat actors are abusing default passwords, CISA is asking manufacturers to proactively remove default passwords so that customers can no longer use them and they do not continue to be misused. According to CISA, years of evidence have proven that “asking thousands of customers to change their passwords is not enough; only concerted action by technology manufacturers can adequately address the serious risks facing critical infrastructure organizations.”
May software developers heed and respond to CISA’s call to protect their customers from known threats.