K-12 Software Providers Sign Secure-by-Design Pledge

Six K-12 software providers have committed to developing products with enhanced security. PowerSchool, Classlink, Clever, GG4L, Instructure and D2L voluntarily signed a pledge for K-12 education technology software manufacturers in line with the Cybersecurity and Infrastructure Security Agency’s secure-by-design whitepaper.

By signing the pledge, the companies agree to take ownership of customer security outcomes, embrace radical transparency and accountability, and place a top executive responsible for making secure technology a key priority, CISA said.

Actions involved with the three secure-by-design principles include providing customers a single sign-on capability at no extra charge to reduce password-based attacks, publishing a secure-by design road map and security-relevant statistics and trends, implementing a vulnerability disclosure policy and publicly naming a top business leader responsible for the development and implementation of the secure-by-design roadmap and other security-related leadership tasks.

CISA Director Jen Easterly, a 2023 Wash100 awardee, is inviting all other K-12 technology providers to make the same commitment as the six software manufacturers to improve cybersecurity for the education sector. Ensuring schools and administrators have access to secure technology and software will help address K-12 cybersecurity issues, Easterly said.