Championing Security: Understanding CISA’s Secure by Design Pledge

At Zimperium, we believe in a future where cybersecurity is not an afterthought but an integral part of technology from the ground up. This vision aligns with the Cybersecurity and Infrastructure Security Agency (CISA) and its Secure by Design pledge. This initiative is a significant step towards embedding security into the software development process, shifting focus from reactive measures to proactive, built-in protections. 

The Core of the Secure by Design Pledge

Imagine a world where every piece of software is crafted with security at its core, where the technology we depend on daily is fortified against threats from the beginning. This is why CISA’s Secure by Design pledge exists. It is a voluntary commitment that we at Zimperium wholeheartedly support.

By signing this pledge, software manufacturers commit to integrating or partnering on security measures during the initial stages of product development. The pledge focuses on seven critical goals CISA looks to achieve with the help of several cybersecurity players:

  1. Implementing Multi-Factor Authentication (MFA): Ensuring MFA is widely adopted across products to enhance security layers.
  2. Eliminating Default Passwords: Reducing the reliance on default passwords, which are a common vulnerability.
  3. Reducing Vulnerability Classes: Taking concrete actions to decrease the prevalence of vulnerability classes across products.
  4. Ensuring Timely Security Patches: Increasing the frequency and efficiency of security patch installations.
  5. Establishing a Vulnerability Disclosure Policy (VDP): Creating transparent channels for reporting and addressing vulnerabilities without legal repercussions for good-faith efforts.
  6. Transparency in Vulnerability Reporting: Accurately documenting vulnerabilities and ensuring timely issuance of Common Vulnerabilities and Exposures (CVEs).
  7. Enhancing Evidence of Intrusions: Improving the ability of customers to detect and gather evidence of cybersecurity intrusions.

Impact and Industry Participation

Sixty-eight leading technology companies have signed the pledge, including giants like Amazon Web Services, Google, Microsoft, and IBM. These companies are committed to demonstrating measurable progress in securing their products, a crucial step in protecting critical infrastructure and reducing the risk of cyberattacks.

Zimperium’s Role in Enhancing Mobile Security

“At Zimperium, we’re dedicated to raising the bar for mobile security, aligning with CISA’s Secure by Design principles. With a focus on the public sector, our advanced solutions quickly identify emerging threats, ensuring mobile devices are protected and contributing to a safer digital environment for everyone,” says Zimperium’s VP of Public Sector, Gary Bradt. 

Our solutions, such as MTD and MAPS, protect against a wide range of cyber threats, ensuring that mobile devices remain secure in an increasingly mobile world. Zimperium’s continuous innovation and commitment to security exemplify how companies can contribute to a safer digital landscape. By integrating machine learning and deep learning techniques, behavioral analysis and deterministic techniques, the Zimperium Dynamic On-Device Detection Engine helps organizations detect and respond to threats in real time, thus supporting the broader goals of CISA’s initiative.

A Vision for a Secure Digital Future

CISA’s Secure by Design pledge is an important step towards a more secure digital future. By committing to these rigorous security standards, technology manufacturers are protecting their customers while contributing to national and global cybersecurity efforts. At Zimperium, we are at the forefront of this movement, demonstrating that security by design is not just a goal but a necessary evolution in the digital age.

For more information, you can read the full Secure by Design pledge on CISA’s website.

Author: Zimperium
