Washington D.C. (AP) – A new voluntary pledge is being introduced to focus on enhancing the security of enterprise software products and services. This pledge excludes physical products like IoT devices and consumer products, aiming to encourage companies to work towards specific goals within a year of signing the pledge.
Software manufacturers participating in this pledge commit to making a sincere effort to achieve the outlined goals. If measurable progress is made, they are expected to publicly document their achievements within one year. In cases where progress is not achieved, manufacturers are encouraged to share their efforts and challenges with the Cybersecurity and Infrastructure Security Agency (CISA) and provide transparency in their approach for others to learn.
The pledge consists of seven goals, each with core criteria that manufacturers must strive towards. Manufacturers are given the flexibility to choose the best approach to meet these criteria and demonstrate progress. CISA praises those manufacturers who already meet or exceed the goals and encourages them to share their strategies for others to follow.
This initiative is designed to complement existing software security practices developed by organizations like CISA, NIST, and other federal agencies, as well as international and industry best practices. The goal is to promote a secure-by-design mindset in the software development process.
Overall, this pledge serves as a voluntary commitment for software manufacturers to enhance the security of their products and services, contributing to a more resilient and secure digital environment. Through transparency and collaboration, participants can collectively work towards a stronger cybersecurity posture in the industry.