Bonum Certa Men Certa

U.S. Department of Homeland Security/Cybersecurity and Infrastructure Security Agency (CISA) Repeating or Parroting Microsoft Talking Points

posted by Roy Schestowitz on Dec 17, 2023

Secure by Design Alert: How Manufacturers Can Protect Customers by Eliminating Default Passwords

FOUR days ago we politely complained that some media echoed talking points about "Log4Shell" being a major threat. It was patched more than 2 years ago, so why does this FUD make a comeback all of a sudden?

CISA, where Microsoft writes policies, is at it again. We want to alert readers, at the very least by citing the material in question. We want to demonstrate our point by at least bringing up one media report and the original from CISA. Yes, there are more examples, but 2 ought to suffice.

"log4j" - connected to the above - is still being brought up this year by the Linux Foundation (by media sites that it is funding! Linux Foundation head honchos worship Bill Gates for computer security) and it is still getting milked by the Microsofters, an associate reminds us, and it is now softening the heads of government officials. see the 2 CISA items below (from Daily Links):

  1. CISA urges vendors to get rid of default passwords

    The call to action comes shortly after CISA, the National Security Agency and Office of the Director of National Intelligence released additional secure-by-design guidance for open source software development. The release is a product of the Enduring Security Framework’s Software Supply Chain Working Group, which is made up of NSA, ODNI and CISA. The guidance is a part of a larger effort to secure the software supply chain that stems from an executive order on improving U.S. cybersecurity.

    “Software incorporated and/or utilized through open source may have embedded issues. It is imperative that we pay close attention to how these modules are bundled with the software at release,” the release said.

  2. Securing the Software Supply Chain: Recommended Practices for Managing Open-Source Software and Software Bill of Materials [PDF]

    Similarly, the ESF Software Supply Chain Working Panel established this second phase of guidance to provide further details for several of the Phase I Recommended Practices Guide activities. This guidance may be used to describe, assess, and measure security practices relative to the software lifecycle. Additionally, the suggested practices listed herein may be applied across a software supply chain’s acquisition, deployment, and operational phases. The software supplier is responsible for liaising between the customer and software developer. Accordingly, vendor responsibilities include ensuring the integrity and security of software via contractual agreements, software releases and updates, notifications, and the mitigation of vulnerabilities. This guidance contains recommended best practices and standards to aid customers in these tasks.

    This document aligns with industry best practices and principles that software developers and software suppliers can reference. These principles include managing open-source software and software bills of materials to maintain and provide awareness about software security.

Also note their use of the term "open-source" instead of the normal "open source". The hallmark of openwashing PR.

We kindly and humbly wish not to speculate or comment any further. We just present that for what it is.

Other Recent Techrights' Posts

Microsoft Stock Crashed When Alleged Vista 11 Numbers Disclosed
And last summer Microsoft indicated that it had lost 400 million Windows users
It's Not About Speed, It's About the Message (or Its Depth)
Better to write news than to just link to news if there's commentary that the news may merit
Mobbing at the European Patent Office (EPO) - Part IV - EPO Can Get Away With Murders, Suicide Clusters, and Systematic and Prolonged Bullying by 'Team Campinos' ("Alicante Mafia" as Insiders Call It)
Nobody in the Council or the EU/EC/EP gives a damn as long as laws are broken to fabricate 'growth'
Jeff Bezos Isn't Just Killing the Washington Post, He's Killing Thousands of News Sites/Newsrooms (in Dozens of Languages) That Rely on It for Many Decades Already
Not just slopfarms; even the Ukraine-based reporters are culled by Bezos, who's looking to please the dictators of the world
Central Staff Committee Confronted António Campinos for Giving His Cocaine-Addicted Friend Over 100,000 Euros to Do Nothing, Just Pretend to be Ill, While Cutting the Salaries of Everybody Else
"On the agenda: Amicale framework & Financial assistance for courses"
How to Win Lawsuits in 5 Simple Steps
Keep issuing threats every week and send 60 kilograms of legal papers to the target
Living in Freedom When 'False Flag Operations' Like EFF Get Captured by Billionaires to Take Freedom Away
There are many ways to think of Software Freedom
 
Growing Discrimination in the European Patent Office (EPO)
it's a race to the bottom, basically
Converting FOSDEM Talk on Software Patents in Europe Into Formats That Work for "FOS" and Don't Have Software Patent Traps
transcoded version of the video
Google News Drowning in (or Actively Promoting) Slopfarms Again
LLM slop is a nuisance
Gemini Links 07/02/2026: "Choosing a License for Literary Work" and "Social Media Is Not Social Networking (Anymore)"
Links for the day
Gemini Links 06/02/2026: Git and Email Patches; MNT Pocket Reform
Links for the day
Geminispace Net Growth in 2026 About a Capsule a Day
A pace like this means net gain of ~300 per year, i.e. about the same as last year
Benjamin Henrion Warned About the Illegal and Unconstitutional Unified Patent Court (UPC) in FOSDEM 2026
Listen to Benjamin Henrion
Economies Crashing Not Because of Slop Improving 'Efficiency' (That's a False Excuse) and 'Expensive' (Read: Qualified) Workers Discarded in Race to the Bottom
Actual cocaine addicts are pushing out moral people
IBM's CEO Speaks of Layoffs, Resorts to Mythical (False) Excuses
This has nothing to do with slop
Links 06/02/2026: Voter Intimidation and Press Shutdowns in US, Web Traffic Warped by LLM Sludge
Links for the day
Does Linux Torvalds Regret Having Dinners With Bill 'Russian Girls' Gates?
See, the rules that govern the Linux Foundation and its big sponsors aren't the same rules that apply to all of us
IBM: Cheapening Code, Cheapening Staff, Cheapening Everything
IBM's management runs IBM like it's a local branch of McDonald's. IBM is a junk company with morbid innards.
GNU/Linux Measured at 6% in One of the World's Largest Nations
Democratic Republic Of The Congo
Linux Foundation Operative Says We and Our Software All "Owe an Enormous Debt of Gratitude" to a Software Patents Reinforcer
The only true solution is to entirely get rid of all software patents
More Than 99% of "AI" Companies Aren't AI, They're Pure BS
We need to discard those stupid debates about "AI" and reject media that gets paid to participate in such overt narrative control (manipulation like The Register MS)
AI Used to Save Lives, Now "AI" is a Grifting Scheme That Burns the Planet and Will Crash the Economy
What the media calls "AI" (it gets paid to call it that) is the same stuff that could instead be dubbed "algorithms"
Amutable is a Microsoft Siege Against Freedom in GNU/Linux, Just Like the People Who Brought You 'Secure Boot' Controlled by Microsoft
Do whatever is possible to avoid Amutable and its "products"
Growing Focus on Publication
Over the past ~10 days we always served more than a million Web hits per day
"Going to be a large number of Microsoft layoffs announced soon"
Everybody knows a giant wave of layoffs is coming Microsoft's way
End of the 'GPU Bubble' and NVIDIA Finally Admits It Won't Bail Out Microsoft OpenAI Anymore
circular financing (financial/accounting fraud)
Corrupt Media Won't Hold Accountable Rich People for Role in Pedophilia
Journalistic misconduct or malpractice is a real thing
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, February 05, 2026
IRC logs for Thursday, February 05, 2026
EPO Management ("Alicante Mafia") Not Properly Sharing Information on Scale of Strikes by EPO Staff
disproportionate (double) deductions in salaries against people who participate in strikes, which are protected by law
Gemini Links 06/02/2026: Slop/Microslop, Home Assistant, and Valid Ex Commands
Links for the day
Blackmail evidence: Debian social engineering exposed in ClueCon 2024 talk on politics
Reprinted with permission from Daniel Pocock
Bitcoin crash: opportunity or the end game?
Reprinted with permission from Daniel Pocock
Changes at the Solicitors Regulation Authority (SRA)
SRA is basically a waste of money
Claims That IBM Will Lay Off 20% (or 15%) of Its Workforce This Year Unless It Finds a Way to Push Them All Out by Threats, Shame, Guilt
Where are the articles about IBM layoffs?
IBM Isn't a Serious Company Anymore, It's a Ponzi Scheme Operated by a Clique and It Misuses Companies It Acquires to Prop Up or Legitimise the Scheme
IBM seems like it's nothing but a "Scheme"
Google News Drowning in Slop About "Linux" (Slopfarms Galore)
Google should know better than to link to any of these slopfarms, but today's Google is itself a pusher of slop
Links 05/02/2026: EU Commission Gutting Net Neutrality
Links for the day
Gemini Links 05/02/2026: NixOS Books and Monochrome Emojis
Links for the day
Links 05/02/2026: Canadian Government Uses US LLMs to Override Expert Opinions, NVIDIA Troubles Due to Enablement of Mass Plagiarism ('Piracy') Misleadingly Obscured as "Hey Hi"
Links for the day
Explaining the Letter From JUDGE SYKES FRIXOU, Threatening Me Around the Time GNOME's Nat Friedman Lost His CEO Job at Microsoft GitHub and His Best Friend Got Arrested for Strangulation
this letter (with annotation) is critical
Linuxiac Not Rehabilitated, It's Still Full of LLM Slop (Part of a Trend)
The Web as a resource/source of information is perishing
"Sponsored by Azul" to Write Fake 'Article' About Azul, Quoting Azul Itself
The "journalism" industry [sic] became so utterly corrupt
JuristGate is for sale: three billion Swiss francs for a domain name
Reprinted with permission from Daniel Pocock
Like Microsoft and IBM, the 'Alicante Mafia'-Governed EPO Does PIPs Nowadays (at the EPO, It's "Professional Incompetence Procedure")
So "PIPs" are definitely in the EPO and we saw letters sent to staff
Time for Change, More New Articles, Less Curation
The oligarchy wants to gut the real press and replace media with slop and social control media (or social control media with slop in it, i.e. their own voices, mechanised)
Gemini Links 05/02/2026: Coercion, Antibiotics, and LVDT Project
Links for the day
Almost 1,600 EPO Employees Went on Strike Last Week
There is another strike coming 2.5 weeks from now
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 04, 2026
IRC logs for Wednesday, February 04, 2026