SBD-ALERT-3—Eliminating OS Command Injection Vulnerabilities
>Control Description
CISA Secure by Design Alert (July 10, 2024): Technology manufacturers should eliminate OS command injection vulnerabilities (CWE-78) from their products by using safe APIs that do not invoke shell commands, avoiding string concatenation for OS commands, using parameterized interfaces, and adopting architectural patterns that separate command construction from execution.
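
An added example (not part of the CISA alert or of this catalogue entry) showing the string-concatenation pattern beside the argument-vector form, with command construction and execution split into separate functions. It assumes a POSIX shell; the child program and the names `run_concatenated`, `build_argv`, `execute` and `SAMPLE` are constructed for illustration.

```python
import shlex
import subprocess
import sys

# Stand-in for an external tool (constructed for this example): a child
# process that prints the single argument it was given.
CHILD = "import sys; print(sys.argv[1])"

def run_concatenated(name: str) -> str:
    """CWE-78 pattern: untrusted text is pasted into a shell command line."""
    # The fixed parts are quoted correctly; only `name` is left raw.
    line = f"{shlex.quote(sys.executable)} -c {shlex.quote(CHILD)} {name}"
    done = subprocess.run(line, shell=True, capture_output=True, text=True)
    return done.stdout

def build_argv(name: str) -> list[str]:
    """Construction step: each value becomes exactly one argv element."""
    if not name or "\x00" in name:
        raise ValueError("empty argument or embedded NUL")
    # With a real tool, a leading '-' could still be parsed as an option;
    # place '--' before the value where the tool supports it.
    return [sys.executable, "-c", CHILD, name]

def execute(argv: list[str]) -> str:
    """Execution step: accepts only an argument vector, never a string."""
    if isinstance(argv, str) or not all(isinstance(a, str) for a in argv):
        raise TypeError("argv must be a list of strings")
    done = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=True)
    return done.stdout

# Constructed input: a file name followed by a harmless second command.
SAMPLE = "report.txt; echo INJECTED"

if __name__ == "__main__":
    print(repr(run_concatenated(SAMPLE)))     # the shell ran two commands
    print(repr(execute(build_argv(SAMPLE))))  # one literal argument, no shell
```

Because `execute` rejects plain strings, a caller cannot reintroduce a shell command line without changing the execution layer itself.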
>Related Controls