CISA’s pledge drew some big names, but the impact on software security could be limited. Meanwhile the org has extended its comment period on the CIRCIA cyberattack reporting law.

CISA said Wednesday members of the Secure by Design pledge must work on achieving goals such as using multi-factor authentication, minimizing the use of default passwords, reducing vulnerability classes and increasing the installation of security patches by customers.

CISA's Secure by Design pledge consists of areas of improvement split into seven primary categories: multi-factor authentication (MFA), default passwords, reducing entire classes of vulnerability, security patches, vulnerability disclosure policy, CVEs, and evidence of intrusions.

May 08, 2024 - SAN FRANCISCO, Calif. -- At an RSA Conference event held on May 8, security leaders representing more than 50 vendors signed a secure by design pledge, spearheaded by the Cybersecurity and Infrastructure Security Agency (CISA).

A cohort of the largest tech companies have pledged to implement and adhere to increased "secure-by-design" principles laid out by CISA as part of a new security pledge. Why it matters: Private sector commitment and tech industry partnership is an important step to advance the federal government's cybersecurity strategy and combat increased threats posed by nation-state hackers and exploitative cyberattacks.

Security's an uphill battle... does this latest move have teeth? RSAC Some of the biggest names in tech – including AWS, Microsoft, Google, Cisco and IBM – have signed up to a US Cybersecurity and Infrastructure Agency-led effort and promised to take a series of actions within a year to make their products more secure.