68 software companies have signed the so-called Secure by Design Pledge of the US Cybersecurity and Infrastructure Security Agency. In doing so, they promise to make safer products.
The participating companies promise to work on seven concrete goals in the coming year, CISA writes in an announcement. For example, they must take action to promote the use of multi-factor authentication within their own products and to reduce the number of default passwords in their products.
Other goals include promoting the installation of security updates and publishing a policy on reporting vulnerabilities. Within each goal there are core criteria that companies must work on. The companies also promise to be more transparent about vulnerabilities found in their products and to take action to reduce entire classes of vulnerabilities. Finally, the companies promise to better enable customers to investigate product misuse. Consider, for example, logging options in certain products that let users see whether they have fallen victim to an attack via the product in question.
Companies that have signed the Pledge include Cloudflare, Hewlett Packard Enterprise, Microsoft, Akamai, AWS, Fortinet, GitHub, GitLab, IBM, Google and Lenovo. The full list of participating organizations and details of the different goals can be found on the CISA website.