
CISA inks 68 tech vendors to secure-by-design pledge — but will it matter?

Some of the biggest names in the tech industry signed onto a public pledge, backed by the US Cybersecurity and Infrastructure Security Agency, promising to implement important software security measures in their products.

The CISA “Secure By Design” pledge outlines seven areas in which signatories are expected to make significant improvements. Multifactor authentication should be used by default, default passwords should be randomized or mandatorily changed on first use, and SQL injection attacks should be eliminated by, for example, enforcing parametrized queries. The pledge also asks signers to implement regular patching, vulnerability disclosure policies, transparent CVEs, and forensic data about intrusions.

Among large vendors who signed the pledge are Cisco, AWS, Google, IBM, Microsoft, Lenovo, and other mainstays of enterprise IT architectures.
