Nearly 160 software companies have pledged to enhance cybersecurity practices under the Cybersecurity and Infrastructure Security Agency’s (CISA) Secure by Design Pledge. This initiative encourages companies to make measurable progress on specific cybersecurity goals within a year and to publicly share their achievements or challenges. The goals focus on designing products that are easier to use securely and more resistant to hacking, and improving transparency around vulnerabilities.
CISA’s pledge includes seven key objectives aimed at reducing vulnerabilities and improving security measures. These objectives include eliminating default passwords, promoting multi-factor authentication, increasing security patching, publishing vulnerability disclosure policies, and improving evidence gathering for detecting cyber incidents. The goal is to prevent common exploitable defects and enhance customer awareness and protection.
While the pledge is voluntary and CISA cannot enforce compliance, it aims to foster industry-wide improvements through shared practices and accountability. An upcoming initiative will facilitate regular meetings for participating companies to exchange ideas and best practices. Public pressure is expected to encourage adherence to the pledge.
The Secure by Design Pledge also addresses the financial benefits of proactive security measures. By identifying and fixing vulnerabilities early, companies can avoid the higher costs associated with later patches and damage control. Although the full impact on the software sector is still being assessed, the initiative reflects a growing emphasis on integrating security from the outset of product development.