Intense criticism from the information security community has prompted the Cybersecurity and Infrastructure Security Agency to roll back its plans to divert the distribution of online security updates and guidelines to its X account and email subscriptions while retaining only urgent alerts on its website, reports Infosecurity Magazine.
With CISA's public advisories being a centralized resource for threat warnings or vulnerabilities that require immediate action, moving its Known Exploited Vulnerabilities, RSS feeds, and web alerts to subscription-based delivery was regarded by security analysts to potentially limit threat visibility, particularly for organizations without their own threat intelligence teams. Social media use for such advisories could also present archiving, automation, and parsing challenges, according to other experts. "We have paused immediate changes while we re-assess the best approach to sharing with our stakeholders," said CISA, which has not yet detailed further steps toward the implementation of the changes that were aimed at curbing excessive informational noise.
With CISA's public advisories being a centralized resource for threat warnings or vulnerabilities that require immediate action, moving its Known Exploited Vulnerabilities, RSS feeds, and web alerts to subscription-based delivery was regarded by security analysts to potentially limit threat visibility, particularly for organizations without their own threat intelligence teams. Social media use for such advisories could also present archiving, automation, and parsing challenges, according to other experts. "We have paused immediate changes while we re-assess the best approach to sharing with our stakeholders," said CISA, which has not yet detailed further steps toward the implementation of the changes that were aimed at curbing excessive informational noise.
