Major Tech Companies Sign CISA’s Secure by Design Pledge

Sixty-eight large software manufacturers have signed voluntary commitments to the Cybersecurity and Infrastructure Security Agency’s Secure by Design pledge to develop products with stronger built-in security. 

According to CISA, the signatories include Amazon Web Services, BlackBerry, Google, Hewlett Packard Enterprise, IBM, Lenovo and Microsoft. The companies’ pledges commit them to accomplish seven goals within one year of their signing, with increased product use of multifactor authentication among them, CISA said Wednesday.

Other commitments include the reduction of default passwords across product offerings, increased security patches and publication of a vulnerability disclosure policy authorizing product testing and vulnerability disclosures by the public. 

CISA Director Jen Easterly, a 2024 Wash100 award winner, applauded the pledge signatories, saying that more secure software is the best protection in the face of increasing cyberattacks against the United States.  

 In September, CISA announced that six K-12 education technology software providers, including PowerSchool, Classlink and Clever, had signed the Secure by Design commitment. The agency has also joined the Minimum Viable Secure Product Working Group, a coalition of technology companies and organizations encouraging tech firms to take responsibility for their customers’ security outcomes while using their products or services.