
Technology Giants Join CISA's Secure By Design Pledge – BankInfoSecurity.com

Next-Generation Technologies & Secure Development
The U.S.’s leading cyber defense agency enlisted 68 software firms in a new pledge aimed at embedding stronger security measures directly into product designs in a broader effort to shift security responsibilities from users to developers.
The Cybersecurity and Infrastructure Security Agency announced the Secure By Design pledge Wednesday. It includes seven goals for manufacturers to work toward and detailed approaches to demonstrate measurable progress, including increasing the use of multifactor authentication, reducing default passwords and entire classes of vulnerability, and enhancing security patching across the manufacturer’s products. Pledgees vowed to do so within the next 12 months.
“More secure software is our best hope to protect against the seemingly never-ending scourge of cyberattacks facing our nation,” CISA Director Jen Easterly said in a statement accompanying the announcement. “I applaud the companies who have already signed our pledge for their leadership and call on all software manufacturers to take the pledge and join us in creating a world where technology is safe and secure right out of the box.”
The pledge also calls on manufacturers to publish vulnerability disclosure policies that allow for testing by members of the public on their products and transparent disclosures of vulnerabilities. Organizations that sign on to the commitment agree to “demonstrate a measurable increase in the ability for customers to gather evidence of cybersecurity intrusions affecting the manufacturer’s products.”
The 68 inaugural members of the Secure By Design pledge include Amazon Web Services, Cisco, Cloudflare, Microsoft, Hewlett Packard Enterprise and IBM. According to CISA, the pledge builds on existing software security best practices developed by the National Institute of Standards and Technology as well as industry and international standards.
“The items in the pledge directly address some of the most pervasive cybersecurity threats we at CISA see today,” CISA Senior Technical Advisor Jack Cable said in the statement. “Every software manufacturer should recognize that they have a responsibility to protect their customers.”
CISA, the FBI, the NSA and international partners published a framework in 2023 for manufacturers to further build security into the design process, calling for risk assessments to identify top cyberthreats to critical systems and including protections in product blueprints (see: CISA, Others Unveil Guide for Secure Software Manufacturing).
The agencies wrote that secure by design principles “not only strengthen the security posture for customers and brand reputation for developers but also lower maintenance and patching costs for manufacturers in the long term.”
Managing Editor, GovInfoSecurity
Riotta is a journalist based in Washington, D.C. He earned his master’s degree from the Columbia University Graduate School of Journalism, where he served as 2021 class president. His reporting has appeared in NBC News, Nextgov/FCW, Newsweek Magazine, The Independent and more.
