The Cybersecurity and Infrastructure Security Agency (CISA), at the RSA Conference 2024, has announced voluntary commitments by 68 leading software manufacturers to CISA’s Secure by Design pledge to design products with greater security built in.
The 68 companies include Akamai, Amazon Web Services, BlackBerry, Cisco, Google, Hewlett Packard Enterprise, IBM, Lenovo, Palo Alto Networks, Sophos and Zscaler.
By catalyzing action by some of the largest technology manufacturers, the Secure by Design pledge marks a major milestone in CISA’s Secure by Design initiative. Participating software manufacturers are pledging to work over the next year to demonstrate measurable progress towards seven concrete goals.
The seven goals of the pledge are multi-factor authentication (MFA), default passwords, reducing entire classes of vulnerability, security patches, vulnerability disclosure policy, CVEs, and evidence of intrusions.
Each goal has core criteria which manufacturers are committing to work towards, in addition to context and example approaches to achieve the goal and demonstrate measurable progress. To enable a variety of approaches, software manufacturers participating in the pledge have the discretion to decide how best they can meet and demonstrate the core criteria of each goal, but progress should be demonstrated in public.
Jack Cable, Senior Technical Advisor, CISA
A more secure by design future is indeed possible. The items in the pledge directly address some of the most pervasive cybersecurity threats we at CISA see today, and by taking the pledge software manufacturers are helping raise our national cybersecurity baseline. Every software manufacturer should recognize that they have a responsibility to protect their customers, contributing to our national and economic security. I appreciate the leadership of those who signed on and hope that every technology manufacturer will follow suit.
