Software Makers Strengthen Security Initiatives with CISA’s Secure by Design Pledge

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has initiated the Secure by Design pledge, aiming to enhance software security across critical infrastructure sectors. Participants, including software manufacturers, commit to integrating security from the design phase, fostering resilience against cyber-attacks. This initiative promotes secure coding, periodic security testing, and threat modeling, benefiting industries such as energy, health, and transport.
Lauren Zabierek from CISA highlighted that over 150 manufacturers have signed the pledge, focusing on reducing vulnerabilities and improving network observability. The pledge covers IT components and software, extending benefits to operational technology (OT) and cloud infrastructure. The agency is also exploring an OT-specific pledge.
Industry experts from Trend Micro, Tenable, and Forescout discussed their alignment with the pledge. They emphasized integrating security into the software development lifecycle, employing automated security testing, and adhering to standards like IEC 62443. Collaboration with regulatory bodies and industry groups enhances their security measures.
Looking ahead, experts anticipate the Secure by Design pledge will become a mandatory guideline, with emerging technologies like AI playing a significant role in future software security. The growth of IoT devices will also necessitate rigorous security standards from inception.