Security Principles: Addressing Vulnerabilities Systematically
For more than two decades, the FTC has been bringing enforcement actions for violations of national consumer protection laws due to companies’ poor security practices. These poor practices have included failing to encrypt sensitive data, storing credentials in source code, failing to test for common vulnerabilities, and failing to use multi-factor authentication, among others. To remedy these practices, the orders the FTC has obtained in these...