Fwd: CISA Pre-Release - SbD Alert: Buffer Overflow – TLP:AMBER+STRICT


Steve Springett

Oct 25, 2024, 5:35:44 PM
to global...@owasp.org
For visibility and feedback. I’d like to collect feedback prior to their publication.

— Steve
---------- Forwarded message ----------
From: Petrich, Jordan <JORDAN....@cisa.dhs.gov>
Date: Oct 25, 2024 at 4:11 PM -0500
To: steve.s...@owasp.org <steve.s...@owasp.org>
Cc: JCDC_ind...@cisa.dhs.gov <JCDC_ind...@cisa.dhs.gov>
Subject: CISA Pre-Release - SbD Alert: Buffer Overflow – TLP:AMBER+STRICT

TLP:AMBER+STRICT

 

Hi Steve,

 

My name is Jordan, and I’m with CISA’s Joint Cyber Defense Collaborative (JCDC) – nice to virtually meet you!

 

I received your contact information from my colleague Allan Friedman, and our team is reaching out to share the attached pre-release with you for awareness and to obtain feedback from you or others within OWASP.  

 

The pre-release is of a CISA Secure by Design (SbD) Alert, Malicious Cyber Actors Use Buffer Overflow Vulnerabilities to Compromise Software, and is part of CISA’s ongoing SbD efforts. This specific alert focuses on buffer overflow vulnerabilities and highlights how they can allow malicious actors to overwrite the memory of a running program – leading to unauthorized code execution, data corruption, or crashes.

 

OWASP is referenced on page 3 of the alert, which links to the best practices that have been released by the foundation. We link to OWASP a few other times throughout the document footnotes, as well.

 

If OWASP has any feedback related to this alert, please let us know by COB Thursday, October 30th. We also ask that you hold this pre-release at TLP:AMBER+STRICT until final publication (exact date and time of publication is still being determined).

 

Thank you, and let us know if you have any questions!

 

Best,

Jordan

---

Jordan Petrich

Senior Insights & Engagement Lead

Industry Partnerships | Joint Cyber Defense Collaborative (JCDC)

Cybersecurity and Infrastructure Security Agency (CISA)

Cell: (202) 431-0972 | Email: jordan....@cisa.dhs.gov

Verify my employment by contacting CISA Central: (888) 282-0870 | https://www.cisa.gov/cisa-central

CISA Pre-Release - Buffer Overflow SbD Alert -TLP AMBER STRICT.docx