Software weaknesses: CISA publishes the CWE Top 25 for 2024

The US authority CISA and MITRE have published the CWE Top 25, the list of the most dangerous software weaknesses of 2024.


The CWE Top 25 list of the most dangerous software weaknesses is aimed at developers, product managers, purchasers and IT security managers.

(Image: Pixels Hunter/Shutterstock.com)


The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the MITRE-operated Homeland Security Systems Engineering and Development Institute (HSSEDI), has published the CWE Top 25, a list of the 25 most dangerous software weaknesses of 2024. Unlike a CVE, which identifies one concrete vulnerability in one product, a CWE (Common Weakness Enumeration) entry names a class of flaw, such as an out-of-bounds write or SQL injection, that can recur in any code base. According to MITRE, the 25 entries were selected by analyzing the 31,770 CVE records in the 2024 data set and ranking the underlying weakness types by how often they occur and how severe the resulting vulnerabilities are. CISA writes on its website that these weaknesses are frequently exploited by attackers to compromise systems, steal sensitive data or sabotage critical systems.

The authority recommends that companies and public bodies take the list into account in their software security strategy. Considering the listed weaknesses in development and procurement processes helps to avoid security gaps at the core of the software lifecycle. Security managers should use the Top 25 to prioritize vulnerability management and application testing, and developers should consult it to identify which weakness classes deserve the most attention in their own code. According to MITRE, entire classes of flaws can be eliminated in this way, for example memory-safety weaknesses, which disappear when code is written in a memory-safe language or consistently uses bounds-checked APIs rather than being fixed one bug at a time. Product and development teams should integrate secure-by-design practices into their development processes wherever possible. Secure by design means that software manufacturers follow IT security best practices throughout the entire design and development process, rather than adding security after the fact.


The list is also aimed at purchasers and risk managers: they should refer to it when assessing providers and integrate secure-by-demand principles into their processes. Secure by demand is the buyer-side counterpart of secure by design: it means that purchasers make CISA's Secure by Design guidelines a procurement requirement and only buy software from providers that follow them.

According to MITRE, incorporating the list into these processes can not only prevent weaknesses from being introduced in the first place, but also help analyze trends across a portfolio, prioritize risks and possibly reduce costs, since a flaw caught in design or code review is far cheaper to fix than one patched after release. Transparency about vulnerabilities and how they are managed could also increase customer confidence.

(kst)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.