
Software development is a continually changing process. The Fortra team collaborates with customers and industry organizations to prioritize and incorporate new and evolving information and requirements into our products and services. One of these organizations is the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. national coordinator for critical infrastructure security and resilience. CISA launched its Secure by Design initiative in 2023 to improve the security of software of all types, and in 2024 followed it with the Secure by Design Pledge. Fortra is pleased to join the hundreds of software developers who have signed the pledge in an effort to shift the mindset and everyday practices regarding how security is incorporated throughout the software development lifecycle.
What Is CISA's Secure by Design?
CISA launched Secure by Design to encourage developers of software products and services to build security into their offerings as a foundational element rather than as a set of optional features. The premise is that addressing security from the start of development, rather than after release, better protects users and businesses by reducing the number of exploitable vulnerabilities that persistent threat actors can find and use.
Why CISA Is Calling for Secure by Design
CISA notes that the burden of cybersecurity currently rests with consumers and small organizations, who rely on numerous forms of software to conduct daily business and personal activities. These entities are not equipped to manage the complexities of today's multifaceted threat environment and look to their software providers for guidance. Secure by Design seeks to move that burden onto the software provider, so that users and businesses can trust their essential applications to protect against cyberattacks and data breaches.
What Does “Secure” Mean?
In the context of Secure by Design, a product is secure when it ships secure out of the box, with security treated as a default development requirement rather than an optional feature. This means the developer actively treats the user's or customer's security as a business requirement versus a nice-to-have. The goal is that by the time a product is released for general use, the number of exploitable flaws has been minimized. In effect, this shifts the burden of security from the user to the developer.
Why Secure by Design Is Important to Fortra
At Fortra, we are aligned with the Secure by Design philosophy as a roadmap for future development and as a guide toward enhancing existing solutions. Our customers look to us for products and services they can trust, and we take this very seriously. By signing the pledge, we have embarked on a multiyear journey to continue our dedication to secure software development practices that encompass secure defaults and secure components. We are also identifying improvements to existing products as we work to reduce entire classes of vulnerability across the risk spectrum.
Fortra’s Approach to Secure by Design’s Seven Goals
Secure by Design encompasses seven areas of focus. As a longtime developer of cybersecurity solutions, Fortra has built many of its products and services with these concepts in mind. We are also auditing our offerings and will post details of our progress quarterly, so customers understand where we are with improvements. By signing the Secure by Design Pledge, we commit to making measurable progress toward each of the goals below within the next year.
Multi-Factor Authentication (MFA): Securing account and information access across all solutions by requiring a second authentication factor in addition to a password.
Default Passwords: Eliminating default passwords in our products, so that each installation requires its own credential to be set rather than shipping with a shared, well-known one.
Reducing Entire Classes of Vulnerability: Scanning our offerings to identify recurring patterns of risk (for example, a vulnerability class such as SQL injection that appears across multiple products) that we can eliminate at the source rather than patching one instance at a time.
Security Patches: Providing timely communication regarding the latest updates and identifying the barriers that keep customers from installing them. Note: Fortra’s SaaS and cloud-hosted environments already receive updates as soon as they are released.
Vulnerability Disclosure Policy: Maintaining our existing vulnerability disclosure policy and our role as a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA).
Common Vulnerabilities and Exposures (CVEs): Continuing to publish CVEs for our products in a timely fashion. We published five in Q3 of this year.
Evidence of Intrusions: Auditing products to determine what logs and other evidence they currently make available for detecting and investigating intrusions, and where improvements should be made.
From Fortra CISO Chris Reffkin:
“Signing CISA’s Secure by Design Pledge is additional evidence that Fortra is our customers’ cybersecurity ally. Our commitment is to ensure that all new and prior development is evolving toward a secure by design and secure by default stature. We’re proud to have already made progress in several areas to help our customers reduce vulnerability and risk.”
Learn More About Fortra’s Commitment to Secure by Design
Go in depth on Fortra’s progress toward Secure by Design’s seven goals and learn more about our approach to the pledge.