Latest Stock Market News

Tech Companies Promise Secure by Design Products


RSA CONFERENCE 2023 – San Francisco – More than 60 vendors have signed the secure by design pledge, the commitment to develop secure products spearheaded by the Cybersecurity and Infrastructure Security Agency (CISA).

CISA defines secure by design as “the security of the customers is a core business requirement, not just a technical feature.” Companies that adopt these principles are promising to consider security during the design phase and throughout the product lifecycle to create more resilient products.

Instead of putting the onus of security on individuals and small businesses, the goal is to put the responsibility on manufacturers who are making the products. The voluntary pledge focuses on enterprise software products and services, including cloud services, software-as-a-service, and on-premises software.

“There is a real urgency that everybody in this room not only feels but is highly aware of, and it is all about developing new and retrofitting older technologies and software with security as a core consideration,” said CISA Director Jen Easterly at the RSA Conference in San Francisco this week.

The voluntary pledge focuses on enterprise software and services, which includes cloud services, software-as-a-service, and on-premises software. Signatories to the pledge are asked to consider seven core goals and demonstrate their progress towards meeting those goals within one year. How they demonstrate progress, and the order they address the goals, is up to the individual companies, and there are no penalties for falling short.

  • Increase the use of multifactor authentication across products.

  • Reduce the use of default passwords in products.

  • Reduce the prevalence of entire classes of vulnerabilities.

  • Make efforts to increase the installation of patches by customers.

  • Publish a vulnerability disclosure policy.

  • Be more transparent and timely about common vulnerabilities and exposures (CVEs).

  • Increase the ability of customers to “gather evidence of cybersecurity intrusions affecting the manufacturer’s products.

CISA launched its Secure by Design effort in April last year, urging “software manufacturers to take urgent steps necessary to ship products that are secure by design and revamp their design and development programs to permit only secure by design products to be shipped to customers.” Earlier this year, CISA released a self-attestation form and repository that software makers can use to provide security details about their products. Federal agencies can look up the information to to ensure the software they are buying has been created using secure development practices.

Amazon Web Services, BlackBerry, Cisco, CrowdStrike, Fortinet, GitHub, Google, Hewlett Packard, IBM, Ivanti, Lenovo, Microsoft, Netgear, Okta, and Palo Alto Networks have signed the pledge.

“Government can’t do this alone, private industry can’t do this alone. We have to bring the community together,” Easterly said.





Read More: Tech Companies Promise Secure by Design Products

You might also like
companies

China’s “new third board” companies speed up innovation…

companies

Companies unveil M&A plans across multiple sectors at shareholders’…

companies

Why companies are turning to internal hackathons

companies

More than 1500 investment companies are rushing into Bitcoin ETFs.

companies

Companies are trying to attract more smartphone users across Africa. But there are…

companies

Some A.I. Companies Face a New Accusation: ‘Open Washing’

companies

OpenAI disbands team devoted to artificial intelligence risks – Companies

companies

Huge Artificial Intelligence (AI) News for 3 Tech Companies This Week — None of…

companies

US sanctions several Russia companies and individuals over North Korea arms transfer…

companies

The week in GRC: Cyber-threats increase for companies over the past year and Supreme…