Statements of Support for the Secure by Design Pledge

CISA’s Secure by Design pledge is a voluntary pledge for enterprise software products and services, in line with CISA’s Secure by Design principles. The following are statements of support for the pledge.

Disclaimer

CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services referenced or linked to on this page. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.

The Secure by Design pledge is a voluntary pledge. CISA does not enforce nor verify adherence to the pledge.

Pledgees

Itzhak Assaraf, CTO and Founder, 1touch.io

"At 1touch.io, we staunchly advocate for the CISA Secure by Design principles, which perfectly align with our core mission to enhance data security and privacy. Our proactive approach reduces the attack surface by eliminating unnecessary storage of sensitive data, thereby boosting security and simplifying compliance. By embedding these principles into our technology and culture, we ensure robust, preemptive security across all operations by providing contextual visibility and orchestrating prioritized actions to protect our clients' critical assets.”

Nadir Izrael, CTO and Co-Founder, Armis

"Armis enthusiastically supports the CISA Secure by Design pledge. It is important now, more than ever, that we all work together to provide the transparency, accountability and action necessary to create an ecosystem of trust and dependability for users of our technologies."

Jason Kikta, CISO/Senior VP of Product, Automox 

"Today’s diverse blend of on-premise, hybrid, and cloud architectures has led to a shift in exploitation tradecraft. Malicious actors benefit from too many vendors using cloud services as a way to obfuscate vulnerabilities. Those same vendors also seek to maximize revenue by turning security imperatives, like multifactor authentication and logs, into profit centers. The Secure by Design Pledge gives the market an objective mechanism to determine which vendors are acting as responsible partners."

Chris Betz, Chief Information Security Officer, AWS

“From day one, we have pioneered secure by design and secure by default practices in the cloud, so AWS is designed to be the most secure place for customers to run their workloads. We are committed to continuing to help organizations around the world elevate their security posture, and we look forward to collaborating with CISA and other stakeholders to further grow and promote security by design and default practices.” 

Dimitri Sirota, CEO and Co-Founder of BigID 

"BigID is thrilled to participate in the Secure by Design pledge and their support for CISA’s Secure by Design principles: as an enterprise-ready solution, it's more critical than ever for organizations to adopt security by design and enterprise security like BigID in their environments to protect their enterprise, customer, and IP data to comply with today's evolving regulatory environment, protect against data breaches, and improve their security posture across their data landscape."

Marjorie Dickman, Chief Government Affairs and Public Policy Officer, BlackBerry 

"As a global leader in cybersecurity and secure software, BlackBerry is committed to developing Secure by Design products that protect our government and enterprise customers against ever-evolving cyber threats. We applaud CISA’s continued leadership in defending our nation in cyberspace and are honored to sign the Secure by Design pledge. With this pledge, BlackBerry looks forward to continued partnership with CISA focused on strengthening America’s digital ecosystem with the most advanced cybersecurity solutions."

Matt Moore, CTO and Co Founder, Chainguard 

"Secure-by-design principles are core to Chainguard’s mission and how we build our security infrastructure. I applaud CISA’s efforts to promote best practices to build secure software from the start, not after the fact. While this pledge is an important step, there are more actions organizations large and small need to take to ensure they are taking responsibility and accountability for providing secure products and outcomes. Today marks an important milestone, but now collectively we all need to go beyond commitments and focus on the right outcomes."

Anthony Grieco, Chief Security & Trust Officer, Cisco

"Cisco is pleased to sign the pledge developed collaboratively by CISA with industry leading technology companies to promote widespread adoption of secure by design and default principles. This pledge underscores the importance of many practices Cisco has been advancing via our Secure Development Lifecycle. The content of the pledge is important and we are pleased that public-private collaboration is a fundamental part of it. This allows us to bring the best minds together to share knowledge and effectively address this increasingly important global issue."  

Grant Geyer, Chief Product Officer, Claroty

"At Claroty, we envision a future where the cyber and physical worlds safely connect to sustain our lives. However, so many risks exist in cyber-physical systems that have the potential to create cascading risks to national security, economic security, and public safety. The good news is that entire classes of risk can be addressed with the common sense goals laid out in the Secure by Design pledge. While Claroty already meets or exceeds most of these goals, we pledge to lead by example and continue making marked improvements across these and other objectives."

Nitin Rao, Chief Product Officer, Cloudflare

"Cloudflare has long believed that security should be built into products from the ground up and that security tools should be available and accessible to everyone. We consider product security an integral part of our DNA, and it shows in our work daily — from how we proactively address known vulnerabilities before they can be exploited, to open sourcing our proxy built in memory safe Rust to help improve security across the industry. We’re proud to sign the pledge and encourage the enterprise software industry as a whole to implement design changes that help make a better, safer Internet."

Dmitry Raidman, CTO & Co-Founder, Cybeats

"In a world where digital security is paramount and requires continuous commitment, our pledge to Secure by Design is about building trust in every layer of our technology."

Juraj Malcho, Chief Technology Officer, ESET 

"For over three decades, ESET has designed software for consumers and businesses using secure by design principles. We are pleased to sign CISA’s pledge, which brings leading technology companies together to ensure that future innovation is built with security and privacy at the point of inception, at its very core."

Petko Stoyanov, Vice President of Product Strategy, Everfox

"At Everfox, we take immense pride in our role in serving our customers’ high-consequence missions with innovative, secure solutions. We enable operations in the dynamic cyber landscape through advanced cross-domain, threat protection, and insider risk management. By pledging to Cybersecurity & Infrastructure Security Agency (CISA)'s Secure by Design initiative, we reinforce our commitment to securing critical infrastructure and fostering a resilient, high-assurance future."

Matt Wyckhouse, CEO, Finite State 

"Embracing a 'secure by design' philosophy is vital for protecting both our nation’s critical infrastructure and the everyday digital products that consumers rely on. As connected devices become increasingly embedded in every aspect of our lives, from healthcare to home security, the principles of 'secure by design' are essential in preempting and mitigating potential security threats. This approach not only fortifies the resilience of essential services but also bolsters consumer trust, ensuring a safe and secure digital environment for all." 

Kevin O’Leary, SVP of Engineering and Chief Product Officer, Forescout

“Cybersecurity has ascended to a level of importance that leads product development and research, as well as our commercial practices. This heightened level of awareness drives our continuous improvements in secure design, and I look forward to helping CISA extend its leadership role as the brand that facilitates this adoption through standards and education.”  

Jim Richberg, Head of Cyber Policy and Field CISO at Fortinet 

"Signing CISA’s Secure by Design Pledge reaffirms Fortinet’s longstanding commitment to a culture of responsible radical transparency to strengthen the security of our customers and industry at large. This initiative strongly aligns to Fortinet’s existing product development processes that are already based on secure-by-design and secure-by-default principles. We encourage others in the information technology community to adopt these secure-by-design goals and join this effort to keep organizations and end users secure."

Chaim Mazal, Chief Security Officer at Gigamon

"At Gigamon, we’re focused on helping our customers secure and manage their hybrid cloud infrastructure. We fully support and embrace secure-by-design principles and are honored to join together with other enterprise software leaders to sign the Secure by Design Pledge here at RSA. Our commitment to delivering products that are developed using secure-by-design principles that reduce risk for our customers is at the core of everything we do, and we applaud CISA for raising the bar across the industry."

Jacob DePriest, VP, Deputy CSO at GitHub 

"We all have a role to play in building a more secure future. GitHub has long been committed to ensuring the security of our platform, products, and community through efforts like 2FA enrollment requirements, providing free security tooling for open source developers, and our role as a CVE Numbering Authority (CNA). We’re proud to be a part of this pledge, knowing that increased alignment and transparency around shared goals will ultimately raise the bar for cybersecurity."

Josh Lemos, CISO, GitLab 

"The Secure by Design concepts are well-aligned with GitLab's core values. As the most comprehensive AI-powered DevSecOps platform, GitLab offers its unwavering support towards CISA’s efforts to instill a Secure by Design mindset in software manufacturers. GitLab is proud to make the Secure by Design Pledge, and we firmly believe these efforts will help us enable everyone to innovate and succeed on a safe, secure, and trusted DevSecOps platform."

Heather Adkins, Vice President and Cybersecurity Resilience Officer, Google 

“Secure by design has been the cornerstone of Google's security work from the very beginning. It's a concept built around the guiding principle of the safety and security of our enterprise customers and end-users. We're thrilled to be joining forces with CISA and our industry peers to further amplify secure by design and make people safer online.” 

Fidelma Russo, Executive Vice President and General Manager, Hybrid Cloud and Chief Technology Officer, Hewlett Packard Enterprise 

“HPE applauds CISA’s leadership in improving the nation’s cybersecurity. This pledge builds on the previous initiatives such as Software Bill of Materials, Secure Software Development Framework, and CISA Secure Software Development Attestation. HPE is proud to make the pledge to reaffirm our commitment and leadership in this area by continuing to make Secure by Design a standard in HPE’s enterprise products and services.” 

Malcolm Harkins, Chief Security and Trust Officer, HiddenLayer 

"Often, creators of new technology kick the can down the road on security in the name of innovation, ultimately putting customers and society at risk. At HiddenLayer, we understand the Security for AI solutions we create will only be as strong as the security practices we maintain for our products and operations. We proudly announce our pledge to CISA's Secure by Design goals to further our mission to accelerate the adoption of AI securely."

Todd Gustafson, President, HP Federal 

"HP has a longstanding commitment to integrating cybersecurity as a key ingredient in our products, and we believe security should never be a trade-off. We applaud CISA for raising the bar and encouraging the technology industry to embrace secure by design principles."

Roger Koehler, Chief Information Security Officer, Huntress 

"Huntress is proud to participate in the Secure by Design effort to ensure a secure application is available to the masses, not just the 1% who can afford it as an addon."

Jamie Thomas, General Manager, Technology and Lifecycle Services and IBM Enterprise Security, IBM 

"Embedding security into the design of our products and services is core to IBM’s software development culture. IBM supports CISA’s voluntary Secure by Design Pledge to better defend against ever-evolving cyber threats and aid in reducing risk to our nation’s critical infrastructure. IBM has long said that improving security is primarily a matter of improving execution, not developing new interventions and SbD is an example of this practice.  Together as an industry, we can build trust and confidence in our nation’s computing infrastructure."

Ian Curry, Chief Business Officer, InfoSec Global

"As a market leader in cryptography discovery and agile cryptography management, InfoSec Global is committed to the principles of Secure by Design. Delivering a high quality, secure platform to our customers is our most important objective."

Jeff Abbott, CEO, Ivanti

"Ivanti recognizes in today’s aggressive threat landscape every software provider must aggressively pursue the Secure-by-Design framework. We dove deep into how to apply Secure-by-Design principles more aggressively at Ivanti and welcome the opportunity to make a public declaration about how seriously we take our role of enabling and securing everywhere work for organizations globally. Signing the Secure by Design pledge underscores Ivanti’s commitment to protecting and supporting our customers and ensuring our organization remains vigilant in the evolving threat landscape."

Jonathan Yaron, CEO, Kiteworks 

"Kiteworks is proud to take the Secure by Design pledge and join CISA's efforts to enhance cybersecurity across the software ecosystem. By embracing secure development practices and prioritizing the protection of our customers, we aim to set a strong example in the industry. We look forward to collaborating with CISA and other pledge participants to create a more secure digital future."

Doug Fisher, SVP and Chief Security Officer, Lenovo 

"We applaud CISA’s initiative to drive an industry ‘secure by design’ pledge and welcome the opportunity to align our own well-established security by design process with other industry best practices. It’s critical that global technology leaders come together to drive meaningful progress and accountability for the key issues across the breadth of security. We look forward to demonstrating our continued leadership and progress in this area and working with CISA to ensure that end users can be confident in the safety, trust, and integrity of the technology they are using."

Daniel Bardenstein, CTO, Manifest 

"Manifest is proud to announce our participation in CISA's 'Secure By Design' pledge.  These security principles - coupled with standards such as SBOM that CISA has championed for years - provide a solid foundation for companies of any size to build more secure software.  We applaud CISA for advancing secure-by-design principles and for pushing software companies to make their products more secure and resilient.  Ultimately, these actions will make our institutions, people, and country more safe and secure." 

Bret Arsenault, Corporate Vice President and Chief Cybersecurity Advisor, Microsoft 

"Microsoft is delighted to join CISA’s Secure by Design pledge and other signatories to strengthen the cybersecurity and resilience of the ecosystem.  This builds on the ongoing public / private partnerships we believe drive systemic change and improvements globally. Microsoft’s commitment builds on the company’s longstanding thought leadership on cybersecurity and this body of work closely aligns with Microsoft’s Secure Future Initiative which has security by design as its core principle. The use of responsible AI in the 2023-2024 CISA Roadmap for AI and the NIST Cyber Security Framework are additional examples of how working together we can build a safer world for all."

Kristen Verderame, Vice President of Global Government Relations, NetApp

“As Chair of the IT Sector Coordinating Council (ITSCC), I would like extend my sincere thanks to CISA for its collaborative partnership with the ITSCC in development of the Secure-by-Design Pledge. We strongly support the principles behind ‘Secure-by-Design’ as well as efforts of CISA and other governments around the world to encourage critical infrastructure providers to adopt the highest standards of software security.” 

Martin Westhead, CTO, NETGEAR

"As a pioneer and leader in providing high-performance, secure networking products and services, NETGEAR has always been dedicated to the safety and privacy of our end users. We are proud to join CISA in the Secure by Design effort to demonstrate our continued commitment to ensuring customers and partners trust the safety of the technology they rely on most."

David Bradbury, Chief Security Officer, Okta 

"Identity-based attacks have become a top method for nation-state hackers and cybercriminals. Okta is taking the steps needed to strengthen our security efforts in all areas, and we are proud to be signing CISA's Secure by Design pledge."

Sanford Reback, Vice President, Public Policy & Government Affairs, Palo Alto Networks

"At Palo Alto Networks, the security of our customers and the integrity of our products are our highest priorities. Palo Alto Networks applauds CISA's commitment to transparency and the spirit of shared responsibility among providers of software products and services, and we look forward to working with companies across the industry to achieve the goals set forth in the Secure by Design pledge."

Patrick Joyce, Resident CISO, Proofpoint 

“We applaud CISA’s Secure by Design initiative, encouraging the industry to prioritize the security of technology solutions from the beginning of the development process. This not only safeguards people and their information, but also fosters trust and confidence in the technology we all rely on every day. The concept of ‘ship fast and fix later’ is akin to adding duct tape to a leaky pipe, leading to far too many serious incidents that have robbed consumers of their private information, organizations’ IP and sensitive data, and intelligence from our government. We firmly believe that building security into the foundation of our software and services is of paramount importance, and we are proud to adhere to CISA’s Secure by Design framework.” 

Jonathan Trull, CISO & SVP Security Solution Architecture, Qualys 

“Qualys is firmly committed to CISA’s Secure by Design Pledge. As an organization that prioritizes our customers, it's deeply embedded in our values to not only meet but exceed secure by design standards, as well as those of our clients. We envision a future where security is not an afterthought but rather a foundational element where every line of code reflects our unwavering commitment to innovation with responsibility.” 

Craig Adams, Chief Product Officer, Rapid7 

"As a cybersecurity technology provider, we recognize the combined urgency of maintaining the highest standards in secure software development and taking as much of the onus for threat detection and response off the customer as possible. That’s why Rapid7 is proud to take the Secure by Design pledge."

Tarah Wheeler, CEO, Red Queen Dynamics 

"We're proud to have answered CISA's call to make software which is Secure by Design — in part through the use of memory-safe languages like Rust. As a SaaS company serving the security and compliance needs of small & medium business and their managed service providers, we're well aware that the vast majority of software vulnerabilities are attributable to memory unsafety. That's why we're thrilled to be able to build Red Queen Dynamics in Rust wherever possible, meeting and exceeding our obligation to protect our clients' sensitive business information as we make it easy for them to build out security and comply with major cybersecurity frameworks like CMMC or those from NIST, as well as getting the best rates on cybersecurity insurance. We're happy to do our part to provide secure and accessible tools to American businesses and contribute to a safer and more robust cyber ecosystem across the nation."

Alex Levinson, Head of Security, Scale AI 

“Scale AI is committed to advancing the security of AI technologies, recognizing that robust security is foundational to trust and efficacy in the AI solutions we help develop. By signing the Secure by Design pledge, we affirm our dedication to enhancing security measures across our operations and products, ensuring that our partners and clients benefit from the highest standards of data protection and system integrity. This pledge aligns perfectly with our mission to lead by example in the responsible and secure development of AI technologies.” 

Wendy Thomas, CEO, Secureworks

“We are entering a new paradigm of trust and security. Navigating this will require an industry wide imperative to establish cybersecurity as part of the central nervous system for all businesses. The Secure by Design Pledge will further galvanize our collective defense and we’re honored to support it."

Ram Movva, CEO and founder, Securin 

"CISA's Secure by Design Pledge is another crucial step in the unified front against the rising threat of cyberattacks our country continues to face. Amidst state-backed threats, this pledge and its signatories display and solidify our unwavering commitment to protecting our nation and individual states' safety, intelligence, and livelihoods. Let us commit to fighting the good fight and continue defending our country's cybersecurity as one."

Ric Smith, Chief Product and Technology Officer, SentinelOne

“In today’s rapidly evolving and increasingly complex threat landscape, security cannot be an afterthought. It has to come first. As a vendor of cybersecurity products that tens of thousands of organizations rely on to keep their organizations safe, we believe it is our ethical duty to design products with a security-first mindset and to uphold the highest standards in delivering them, and in signing the Secure by Design Pledge, we are signaling our commitment to doing so.”

Feross Aboukhadijeh, CEO, Socket Security 

"Socket is thrilled to endorse the Secure by Design Pledge which we see as a vital step toward strengthening security across the software industry. We recognize the pressing need for substantial, industry-wide standards that truly enhance security, rather than simply ticking boxes. This pledge aligns with our own rigorous security practices and represents what we believe every software organization should strive for. We urge our peers who share our commitment to security to join us in this crucial initiative."

Brian Fox, CTO and Co-Founder, Sonatype

“Signing the Secure by Design pledge was a no-brainer for us at Sonatype. We’ve been practicing, and evangelizing in the direction of, the items in the pledge for years. I applaud CISA’s leadership in establishing these clear and comprehensive guidelines and believe that they are crucial for raising the industry standards and fostering a more secure software ecosystem.” 

Ross McKerchar, CISO, Sophos

“We are all part of a tightly connected digital supply chain and trust in the technology vendor ecosystem is critical for our collective security.  In order to build trust, transparency about what we do and how we protect our customers is essential. Transparency has long been a cornerstone of Sophos’s philosophy, so we are pleased to be a part of CISA's initiative and look forward to sharing details on how we are doing our part."

Robert Huber, Chief Security Officer, Tenable 

"Security by design is key for safeguarding the broader ecosystem, ensuring that cybersecurity is integrated into the very foundation of technology products. By incorporating security practices from the outset, rather than bolting on later, organizations can save valuable time and resources, while improving their cyber hygiene and protecting their assets. Identifying vulnerabilities early in secure development environments further strengthens this approach. It enables proactive identification and mitigation of potential risks throughout the cybersecurity lifecycle and provides comprehensive insight into an organization’s attack surface."

Haig Colter, Director, Alliances, ThreatQuotient 

"CISA's Secure by Design program is a win-win for everyone. It helps software companies deliver more secure products, and it gives consumers the peace of mind knowing they are using software that is built with security in mind."

Dan Vigdor, Founder / Co-CEO / Executive Chairman, ThriveDX 

"ThriveDX is proud to participate in the CISA Secure by Design Pledge, affirming our commitment to enhancing cybersecurity through deliberate and proactive measures in our enterprise training software products and services. As a global leader in cybersecurity and AI training, we partner with academic institutions, enterprises, government, and non-profit organizations to provide access to all communities and help place them in lucrative tech and cyber careers. We have proudly partnered with hundreds of global enterprises to unlock growth creating a more resilient and equitable future to help close the huge skills gap which further protects our enterprises, our country, and our way of life."

Donald Fischer, CEO and Co-founder, Tidelift

"Open source software is at the heart of all modern software applications, so proactively securing it is essential. Tidelift is proud to make the Secure by Design pledge, and to continue our work with the independent open source maintainers behind over 5,000 community-developed projects to help other organizations ensure the third party open source packages incorporated into their products are Secure by Design as well."

Harold Rivas, CISO, Trellix 

"Cybersecurity is a national and business imperative. This pledge to align the private and public sectors in ensuring cybersecurity is addressed at all stages and levels of software development is another step toward a safer future." 

Christina Cacioppo, CEO, Vanta 

"Our mission is to secure the internet. Our strategy is to help companies invest in security earlier and more fulsomely than they might otherwise by tying security to revenue. CISA's Secure by Design pledge makes it easier for software companies to implement best practices that raise the bar and protect customer data. We're honored to sign on to the pledge and build toward a more secure future."

Chris Wysopal, Co-founder and CTO, Veracode

"CISA’s Secure by Design pledge is a strong, pragmatic step forward in its commitment to work with the industry to materially reduce exploitable flaws in products our citizens use. Secure by design is an important and game changing cybersecurity standard for the whole network connected world. Veracode is proud to be among the leading companies making its pledge today and continuing its commitment to raising the bar on cybersecurity by working closely with the government and industry partners to promote widespread adoption of secure by design principles."

Dr. Joye Purser, Field CISO at Veritas Technologies

“Veritas shares CISA’s goals to manage and reduce cyber risks. We put that into practice every day through an unwavering commitment to secure-by-design and secure-by-default principles in the development and management of our industry-leading data resiliency software and appliances. We believe that by signing the Secure by Design Pledge, we can set an example for others to follow that should ultimately make our nation’s infrastructure safer for everyone.”  

Deepen Desai, Chief Security Officer, SVP Security Engineering & Research, Zscaler 

"We applaud CISA’s focus on significantly improving software security and the holistic approach the Secure by Design Pledge takes to create a partnership toward meaningful progress between industry and government in the next year.  As part of our continued cybersecurity leadership, Zscaler is steadfast in our ongoing commitment to the principles as outlined in the pledge to promote best practices and standards that strengthen security across enterprises, governments and all technology users around the world."

Other Supporters

Bob Hiss, Global Lead, Products and Platforms, Accenture Technology

"At Accenture, security is foundational to our product design and development approach. Software manufacturers who support Secure by Design and Secure by Default practices not only help their customers, but also contribute to a more secure digital ecosystem. We commend CISA for their leadership in providing actionable goals for technology vendors."

Brian Neely, CIO and CISO, AMERICAN SYSTEMS  

"As a company deeply committed to the highest standards of national security, cybersecurity, and technological excellence, AMERICAN SYSTEMS proudly endorses the Cybersecurity and Infrastructure Security Agency's (CISA) Secure By Design Pledge. We recognize the critical importance of integrating robust security measures right from the conceptual and developmental phases of products, services, and systems. The Secure By Design initiative by CISA embodies a forward-thinking framework that aligns seamlessly with AMERICAN SYSTEMS' commitment to innovation, security, and excellence."

Apple

"Apple supports efforts to improve information security, and we congratulate CISA for taking this important step forward by bringing enterprise software makers together in this pledge."

Jeff Greene, Senior Director, Cybersecurity Programs, Aspen Digital 

"Kudos to CISA for attacking the root causes of pervasive vulnerabilities, not just treating the symptoms.  Bonus points for developing a holistic pledge that goes beyond lofty goals and has concrete process improvements, transparency, and other functional examples of what developers can do to be secure by design."

J. Michael Daniel, President & CEO, Cyber Threat Alliance

“We have known for a long time that bolting on security after the fact does not work nearly as well as building security into a product from the beginning.  So, if we want to increase the security of the digital ecosystem at scale, we need almost all products to be secure by design.  The CISA secure by design pledge lays out some key steps that would move the market in that direction.”

Ari Schwartz, Coordinator, Cybersecurity Coalition

"The ‘Secure by Design Pledge’ is a good step forward by the Cybersecurity and Infrastructure Security Agency (CISA) towards implementation of cybersecurity best practices. In CISA’s process with industry on the pledge, they demonstrated an exemplary ability to listen to, understand, and incorporate our feedback. The Cybersecurity Coalition is happy to see the Pledge’s goals, particularly its focus on promoting multi-factor authentication and on limiting vulnerabilities and exposures. We look forward to continuing to work cooperatively with CISA on projects like this in the future."

Dr. Amit Elazari, CEO and Co-Founder, OpenPolicy 

"Innovative companies stand at the leading edge of creating and deploying security solutions that protect us all. OpenPolicy appreciates the opportunity to support the pledge by connecting innovative companies with policy leaders, and we look forward to continue our close partnership with CISA and the U.S. government as this key effort towards better cybersecurity posture for our nation continues."

Omkhar Arasaratnam, General Manager, Open Source Security Foundation (OpenSSF) 

"The pledge will help improve cybersecurity for downstream consumers. Many of the efforts within the OpenSSF today support the goals CISA is endorsing and we look forward to broad adoption of the pledge across the industry."

Megan Stifel, Chief Strategy Officer, Institute for Security and Technology; Executive Director, Ransomware Task Force 

"IST envisions a world in which consumers no longer bear the burden of ensuring technology products’ security alone–one where a shared responsibility model enables the development of a more digitally sustainable ecosystem. IST welcomes the Secure by Design pledge and looks forward to working with CISA and committed industry partners, including by tracking progress against this pledge and working to further evolve responsible innovation."

Mark Ray, State, Local, Tribal, and Territorial Government Coordinating Council (SLTTGCC) Chair and Director of Public Works, City of Burnsville MN and Mark Dubina, SLTTGCC Vice Chair and Vice President of Security, Tampa Port Authority 

"The security of enterprise software products and services is essential to the ability of SLTT governments to design, build, operate, and maintain essential functions and infrastructure in the communities they serve. The SLTTGCC appreciates CISA’s leadership in this space and recognizes the value of the voluntary pledge that software manufacturers are making by participating in this effort. The seven core criteria of each of the pledge goals will help set a strong foundation for improved cybersecurity posture for SLTT governments. Like CISA, we also want to acknowledge and applaud software manufacturers who already meet or exceed these goals. Together, we will work to support each other in keeping our Shields Up!"

Charly Shugg, Senior Partner and Chief Operating Officer (COO), Sylint 

"Sylint encounters cyber threats from criminal actors to nation states daily. The concept of Secure by Design is a significant step toward improving everyone’s cybersecurity posture. Sylint fully supports CISA and JCDC efforts in leading this collaborative effort."