CISA and NSA Warn Top Security Risks Stem From Poor Software Design

CISA and NSA identify unchanged default credentials as the top security misconfiguration that leads to cyberattacks.

Insufficient network monitoring and improper separation of user/admin privileges also ranked highly in the top security risks.

The advisory aims to push software developers towards secure-by-design principles to reduce burden on defenders.

US government continues to strongly promote security-by-design in legislation and strategy documents.

CISA says neither government nor industry alone can solve the problem, calling for collaboration.