Sixty-eight software manufacturers worldwide have participated in a pledge by the Cybersecurity and Infrastructure Security Agency to produce software products and services designed with security protections.
CISA said Wednesday members of the Secure by Design pledge must work on achieving goals such as using multi-factor authentication, minimizing the use of default passwords, reducing vulnerability classes and increasing the installation of security patches by customers.
The companies must publish a vulnerability disclosure policy to authorize the public to test their products for potential vulnerabilities and allow for public disclosure of identified software weaknesses.
In addition, pledge members must include accurate Common Weakness Enumeration and Common Platform Enumeration fields in their products’ Common Vulnerabilities and Exposures records.
“More secure software is our best hope to protect against the seemingly never-ending scourge of cyberattacks facing our nation. I am glad to see leading software manufacturers recognize this by joining us at CISA to build a future that is more secure by design,” said Jen Easterly, director of CISA.
“I applaud the companies who have already signed our pledge for their leadership and call on all software manufacturers to take the pledge and join us in creating a world where technology is safe and secure right out of the box,” the 2024 Wash100 Award recipient said.
Join the Potomac Officers Club’s 2024 Cyber Summit on June 6 to hear from government and industry experts about the dynamic and ever-evolving role of cyber in the public sector. Register here!