Use of Insecure Cryptographic Algorithms
CISA warns against using outdated encryption methods such as Transport Layer Security (TLS) 1.0/1.1, MD5, SHA-1, and Data Encryption Standard (DES). The agencies recommend that vendors adopt modern encryption protocols and support post-quantum cryptographic algorithms.
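To make the recommendation concrete, the following is an added example (not code from CISA or from the article) showing how a product could both enforce and audit these settings with Python's standard library: a client TLS context that refuses TLS 1.0/1.1 and DES/RC4/MD5 cipher suites, an audit function that reports deviations from that baseline (including the `MINIMUM_SUPPORTED` case, where the effective floor is whatever the linked OpenSSL allows), and a digest helper that rejects MD5 and SHA-1. The cipher string, version floor and marker list are the author's assumptions about a reasonable baseline, not values from the guidance.

```python
import hashlib
import ssl

# Baseline assumed for this example: TLS 1.2 floor, no MD5/SHA-1 for digests.
MIN_TLS_VERSION = ssl.TLSVersion.TLSv1_2
DEPRECATED_HASHES = {"md5", "sha1"}
# Substrings that mark an OpenSSL cipher-suite name as relying on a legacy primitive.
WEAK_CIPHER_MARKERS = ("DES", "RC4", "MD5", "NULL")


def hardened_client_context() -> ssl.SSLContext:
    """Client context that refuses TLS 1.0/1.1 and legacy cipher suites."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = MIN_TLS_VERSION
    # Forward-secret AEAD suites only; the "!" entries exclude legacy primitives
    # explicitly instead of relying on the library default (TLS 1.3 suites are
    # managed separately by OpenSSL and remain enabled).
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!DES:!3DES:!RC4")
    return ctx


def tls_findings(minimum_version: ssl.TLSVersion, cipher_names) -> list:
    """Report deviations from the baseline for a given TLS configuration.

    TLSVersion is an IntEnum, so MINIMUM_SUPPORTED (a negative sentinel meaning
    "whatever OpenSSL allows") compares below TLSv1_2 and is reported as well.
    """
    findings = []
    if minimum_version < MIN_TLS_VERSION:
        findings.append(f"minimum TLS version {minimum_version!s} permits TLS 1.0/1.1")
    for name in cipher_names:
        if any(marker in name for marker in WEAK_CIPHER_MARKERS):
            findings.append(f"legacy cipher suite enabled: {name}")
        elif name.endswith("-SHA"):
            # TLS 1.2 suites whose name ends in "-SHA" use an HMAC-SHA-1 MAC.
            findings.append(f"SHA-1 HMAC cipher suite enabled: {name}")
    return findings


def audit_context(ctx: ssl.SSLContext) -> list:
    """Run the baseline check against a live SSLContext."""
    return tls_findings(ctx.minimum_version, [c["name"] for c in ctx.get_ciphers()])


def demo_legacy_findings() -> list:
    """Constructed legacy configuration (TLS 1.0 floor, 3DES and SHA-1 suites)."""
    return tls_findings(
        ssl.TLSVersion.TLSv1,
        ["DES-CBC3-SHA", "ECDHE-RSA-AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256"],
    )


def safe_digest(data: bytes, algorithm: str = "sha256") -> str:
    """Hex digest with the deprecated algorithms refused at the call site."""
    algorithm = algorithm.lower()
    if algorithm in DEPRECATED_HASHES:
        raise ValueError(f"{algorithm} is deprecated; use SHA-256 or stronger")
    return hashlib.new(algorithm, data).hexdigest()


if __name__ == "__main__":
    print("legacy config:", demo_legacy_findings())
    print("hardened config:", audit_context(hardened_client_context()))
    print("sha256(abc):", safe_digest(b"abc"))
```

The audit reads the context's own state rather than trusting the code that built it, so it can also be run against a context handed in by a third-party library to confirm that its defaults match the vendor's policy.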
Embedding Credentials or Secrets in Software Source Code
This practice is highly risky as it can easily expose critical information. CISA advises vendors to use secure secret management tools that enable safe credential retrieval and to implement scanning mechanisms intended to detect sensitive data within the code.
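As an added illustration of both halves of that advice (detection in code, retrieval at runtime), the example below is not from CISA or the article: it scans a constructed source excerpt for credential-like assignments and a well-known access-key format, scores string values by Shannon entropy so that placeholders can be separated from likely real secrets, and pairs that with a loader that reads a secret from the environment and fails closed when it is missing. The regular expressions, the entropy threshold and the sample source are the author's assumptions; the only key-shaped value is the placeholder Amazon publishes in its own documentation.

```python
import math
import os
import re

# Constructed source excerpt for the scan (no real credentials; the AWS value
# is the documentation placeholder "AKIAIOSFODNN7EXAMPLE").
SAMPLE_SOURCE = '''\
import os

DB_PASSWORD = "hunter2-not-a-real-password"
aws_access_key_id = "AKIAIOSFODNN7EXAMPLE"
api_token = os.environ["API_TOKEN"]      # correct: resolved at runtime
timeout = "30"
'''

# Identifier containing a credential-ish word, assigned a quoted literal.
ASSIGNMENT_RE = re.compile(
    r"(?i)\b(?P<name>[a-z0-9_.]*(password|passwd|secret|token|api_key|access_key)[a-z0-9_]*)"
    r"\s*[:=]\s*[\"'](?P<value>[^\"']{6,})[\"']"
)
# Documented AWS access key ID shape: "AKIA" followed by 16 upper-case alphanumerics.
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random secrets score higher than words."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def find_hardcoded_secrets(source: str, high_entropy: float = 3.5) -> list:
    """Return (line_no, kind, identifier, entropy) for each suspicious line."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        key = AWS_KEY_RE.search(line)
        if key:
            findings.append((line_no, "AWS access key ID pattern", key.group(0),
                             round(shannon_entropy(key.group(0)), 2)))
            continue
        m = ASSIGNMENT_RE.search(line)
        if m:
            ent = round(shannon_entropy(m.group("value")), 2)
            kind = "hardcoded credential assignment"
            if ent >= high_entropy:
                kind += " (high entropy)"
            findings.append((line_no, kind, m.group("name"), ent))
    return findings


def load_secret(name: str) -> str:
    """Runtime retrieval: the environment (or a secret manager) supplies the value."""
    value = os.environ.get(name)
    if not value:
        raise RuntimeError(f"secret {name!r} is not configured")
    return value


if __name__ == "__main__":
    for finding in find_hardcoded_secrets(SAMPLE_SOURCE):
        print(finding)
```

Running the scan over the sample reports lines 3 and 4 and leaves the `os.environ` lookup and the plain `timeout` literal alone; in practice the same function would be wired into a pre-commit hook or CI step so that a flagged line blocks the merge until the value is moved into the secret store and `load_secret` (or the equivalent client call) replaces it.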
Clear Communication About Product Support Periods
Vendors are encouraged to clearly define the duration of their product support at the time of sale and ensure that security updates are provided throughout the support window. This transparency helps customers manage the risks associated with using outdated software.