Vulnerability Management

New federal alert seeks XSS vulnerability remediation

Tech providers have been urged by the Cybersecurity and Infrastructure Security Agency and the FBI to implement additional security measures on top of input sanitization techniques to remove cross-site scripting vulnerabilities from their products, according to SecurityWeek.

Eliminating XSS flaws requires written threat model and code reviews, adversarial product testing, and advanced web frameworks for appropriate escaping or quoting, said the agencies in a joint alert. Both CISA and the FBI also called on vendors to adopt the secure by design principles of customer security outcome ownership, transparency and accountability, and organizational structure and leadership to ensure the absence of XSS issues. "To demonstrate their commitment to building their products that are secure by design, software manufacturers should consider taking the Secure by Design Pledge. The pledge lays out seven key goals that the signers commit to demonstrating measurable progress towards, including reducing systemic classes of vulnerability like cross-site scripting," the agencies added.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds