HomeCII/OTLenovo Joins CISA's Secure By Design Pledge

Lenovo Joins CISA’s Secure By Design Pledge

Published on

spot_img

Lenovo has taken a significant step towards enhancing cybersecurity by joining the Secure by Design pledge initiated by the US Cybersecurity and Infrastructure Security Agency (CISA). This move, announced on May 8th, signifies a collaborative effort among industry leaders to elevate security standards across various technology sectors.

The Secure by Design pledge focuses on critical aspects of enterprise technology, encompassing software products and services, on-premises solutions, cloud services, and SaaS features. By committing to this pledge, companies like Lenovo aim to make tangible progress in seven core focus areas, including multi-factor authentication, default password protocols, vulnerability reduction, security patching, vulnerability disclosure policies, common vulnerabilities and exposures (CVE), and intrusion evidence.

Doug Fisher, Lenovo’s Chief Security Officer, expressed strong support for the pledge, emphasizing the importance of industry-wide collaboration in strengthening cybersecurity frameworks. Fisher highlighted the value of sharing best practices among global technology leaders to drive meaningful progress and accountability in security.

Lenovo’s dedication to the Secure by Design pledge aligns seamlessly with its existing security protocols. The company has established a robust security infrastructure that includes best-in-class practices in product development, supply chain management, and privacy initiatives. This includes implementing the Security Development Lifecycle, maintaining a vigilant Product Security Incident Response Team (PSIRT), and enforcing stringent global supply chain security measures.

Fisher noted that Lenovo’s commitment to the pledge extends beyond geographical boundaries and benefits all global customers facing similar security challenges addressed by CISA. This reflects Lenovo’s global perspective towards enhancing cybersecurity on a broader scale.

Lenovo’s proactive approach positions it as a pioneer among the initial group of 68 companies that have pledged to support the Secure by Design initiative. These companies range from tech giants like Amazon Web Services, Cisco, Google, IBM, Microsoft, Palo Alto Networks, to cybersecurity specialists such as Claroty, CrowdStrike, and Sophos. All these companies have endorsed the pledge, underscoring their commitment to advancing security measures in enterprise software realms.

The Secure by Design pledge underscores a voluntary commitment to advancing security measures within the enterprise software space, aligning with CISA’s overarching principles. While physical products like IoT devices and consumer goods are not part of the pledge’s scope, participating companies pledge to diligently pursue the outlined goals over the next year.

Moreover, the pledge promotes radical transparency by encouraging manufacturers to publicly document their progress and challenges encountered. This fosters a culture of accountability and knowledge sharing within the cybersecurity domain. By acknowledging the diversity of approaches, the pledge empowers software manufacturers to create tailored strategies for their product portfolios. Companies that surpass the outlined goals are encouraged to share their methods, fostering a culture of continuous improvement and innovation.

In conclusion, Lenovo’s decision to join the Secure by Design pledge demonstrates its commitment to enhancing cybersecurity measures and collaborating with industry peers to elevate security standards across the technology sector. This collective effort signifies a proactive approach towards fortifying cybersecurity frameworks and fostering a culture of transparency and accountability within the industry.

Source link

Latest articles

Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access

A critical vulnerability in Fortinet's FortiSIEM product has recently been exploited, raising concerns about...

Microsoft reveals North Korea’s Moonstone Sleet

Microsoft Threat Intelligence teams recently made a significant discovery regarding a new hacker collective...

AI, Deepfakes, and Digital ID in Corporate Cybersecurity: Exploring the Emerging Frontier

The emergence of deepfakes has sparked a new wave of concern in the cybersecurity...

The Challenge of CVE Incentives

In the realm of cybersecurity, the issue of software vulnerabilities is becoming increasingly challenging...

More like this

Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access

A critical vulnerability in Fortinet's FortiSIEM product has recently been exploited, raising concerns about...

Microsoft reveals North Korea’s Moonstone Sleet

Microsoft Threat Intelligence teams recently made a significant discovery regarding a new hacker collective...

AI, Deepfakes, and Digital ID in Corporate Cybersecurity: Exploring the Emerging Frontier

The emergence of deepfakes has sparked a new wave of concern in the cybersecurity...
en_USEnglish