The Cybersecurity and Infrastructure Security Agency and the FBI are calling on manufacturers to take steps to prevent buffer overflow vulnerabilities from being introduced into their products.
Table of Contents
Persistent Security Issue
The agencies said in a Secure by Design Alert issued Wednesday that buffer overflow vulnerabilities are a common and well-documented kind of memory safety software design defect that can lead to system compromise. Despite the availability of proven mitigation measures, manufacturers continue to use unsafe software development practices, resulting in the persistence of buffer overflow vulnerabilities.
Effective Mitigation Measures
The alert documents mitigation measures that CISA has deemed most effective and feasible. These include the use of memory-safe languages when developing software, conducting aggressive adversarial product testing and the publication of a memory-safety roadmap detailing how the manufacturer plans to develop new products with memory-safe languages and migrate code to memory-safe languages. It was recommended that manufacturers put the measures into effect.
Role of the Customer
CISA and the FBI are also calling on customers to help ensure that manufacturers adhere to safe software development practices. According to the two agencies, customers can help by asking manufacturers to provide a software bill of materials and a secure software development attestation.
Related Articles
The General Services Administration has launched USAi, a secure generative artificial intelligence suite designed to help federal agencies experiment with AI tools and accelerate AI adoption. GSA said Thursday the launch of USAi advances the priorities in the White House’s America’s AI Action Plan, which seeks to strengthen U.S. leadership in AI through coordinated federal action, streamlined adoption and smarter infrastructure. A panel discussion at the Potomac Officers Club’s 2025 Navy Summit on Aug. 26 will explore generative AI and how it optimizes decision-making within the service branch. Book your spot now at this GovCon networking event! Expanding Federal Government’s
Nextgov/FCW reported that the Federal Acquisition Regulatory Council on Thursday released new model deviation text for six parts of the FAR as part of the Revolutionary FAR Overhaul, or RFO, initiative. In April, President Donald Trump signed an executive order directing his administration to amend FAR to streamline the federal procurement process and eliminate barriers to doing business with the government. In June, the FAR Council released model deviation text for sections related to emergency acquisitions, contract modifications and acquisition of information and communication technology, or ICT. The overhauled FAR parts include sections related to administrative and information matters; required sources of
The National Science Foundation and NVIDIA will invest $152 million in the development of advanced, open-source artificial intelligence models aimed at accelerating American scientific discovery. The public-private investment will support the Open Multimodal AI Infrastructure to Accelerate Science project led by the Allen Institute for AI, or Ai2, NSF said Thursday. Public-Private Investment for Open Source AI Models NSF will provide $75 million, with NVIDIA contributing $77 million. The initiative supports the White House AI Action Plan and aims to ensure the United States remains a leader in AI-powered research and innovation. “As called for in the AI Action Plan,