May 9, 2024 at 10:37AM
Over 60 vendors have pledged to develop secure products as part of the “Secure by Design” initiative led by CISA. The focus is on addressing security as a core business requirement, with the onus on manufacturers rather than individual users. Signatories are asked to consider and demonstrate progress towards seven core security goals, with no penalties for falling short.
At the RSA Conference 2023 in San Francisco, more than 60 vendors signed the Secure by Design pledge, spearheaded by the Cybersecurity and Infrastructure Security Agency (CISA). This pledge aims to shift the responsibility for product security from individuals and small businesses to manufacturers. The focus is on enterprise software and services, including cloud services, software-as-a-service, and on-premises software.
The voluntary pledge outlines seven core goals for signatories: increasing the use of multi-factor authentication, reducing the use of default passwords, minimizing vulnerability prevalence, increasing customer patch installation, publishing vulnerability disclosure policies, providing timely information about vulnerabilities, and enhancing the ability of customers to gather evidence of cybersecurity intrusions affecting the manufacturer’s products.
CISA launched the Secure by Design effort in April the previous year and released a self-attestation form and repository for software makers to provide security details about their products. Notable signatories to the pledge include Amazon Web Services, BlackBerry, Cisco, and Microsoft, among others. CISA Director Jen Easterly emphasized the importance of collaboration between government and private industry in achieving these security goals during the conference.