Fortinet reaffirms commitment to secure product development processes
Fortinet reaffirms commitment to secure product development processes
Fortinet, the global cybersecurity leader driving the convergence of networking and security, has announced it is building on the company’s longstanding commitment to responsible radical transparency as an early signer of the Secure by Design pledge developed by the Cybersecurity and Infrastructure Security Agency (CISA).
Fortinet take part in the 2024 RSA, the world's leading cybersecurity conferences which attracts over 41,000 attendees, 650 speakers, 600 exhibitors and 400 members of the media. |
This voluntary industry pledge complements and builds on existing Fortinet software security best practices, including those developed by CISA, National Institute of Standards and Technology, other federal agencies, and international and industry partners.
The pledge outlines seven goals, including responsible vulnerability disclosure policies, which are already an integral part of Fortinet’s product security development.
“At Fortinet, we have a longstanding commitment to being a role model in ethical and responsible product development and vulnerability disclosure,” Jim Richberg, Head of Cyber Policy and Global Field chief information security officer at Fortinet said at the 2024 RSA, the world's leading cybersecurity conferences and expositions, which closed on May 10.
“As part of this dedication, Fortinet has proactively aligned to international and industry best practices and upholds the highest security standards in every aspect of our business.
“We applaud CISA’s continued call to the industry to follow suit and appreciate CISA’s willingness to collaborate with Fortinet on the development of these important goals. We strongly encourage others in the technology community to join this effort to keep organisations secure.”
CISA’s latest initiative strongly aligns to Fortinet’s existing product development processes already based on secure-by-design and secure-by-default principles.
Fortinet is committed to adhering to robust product security scrutiny at all stages of the product development lifecycle, helping to ensure that security is designed into each product from inception all the way through to end of life.
Additionally, the Fortinet Product Security Incident Response Team (PSIRT) is responsible for maintaining security standards for Fortinet products and operates one of the industry’s most robust PSIRT programmes, including proactively and transparently disclosing vulnerabilities.
Nearly 80 per cent of Fortinet vulnerabilities discovered in 2023 were identified internally through the company’s rigorous auditing process. This proactive approach enables fixes to be developed and implemented before malicious exploitation can occur.
Fortinet works with its customers, independent security researchers, consultants, industry organisations, and other vendors to accomplish the company’s PSIRT mission.
To further advance its dedication to a culture of responsible radical transparency, Fortinet has a longstanding commitment to public and private partnerships that align to its mission.
Fortinet expanded on how responsible radical transparency can help strengthen cybersecurity resiliency against cyber adversaries as part of a RSA Conference 2024’s panel session titled: No More Secrets in Cybersecurity: Implementing Radical Transparency.
“Over and over, across multiple sectors, we have learned that transparency improves outcomes for consumers and society,” Michael Daniels, president and CEO of the Cyber Threat Alliance said.
“The cybersecurity industry is no different. In our sector, transparency includes searching for, mitigating, and disclosing vulnerabilities in an open, responsible manner.
“Fortinet has already taken steps to embrace such responsible transparency, creating a clear set of principles for handling vulnerability communication and analysis. The company’s leadership in this area is a strong example of how cybersecurity vendors should be communicating with customers and the broader public.”
Meanwhile Peter Jennings, director, Strategic Analysis Australia and member of Fortinet's Strategic Advisory Council, shared: “The dedication to a secure-by-design approach to product development is foundational to strong security.
“We see vendors like Fortinet leading the way in following and applying these principles globally, principles which are also outlined in Australia’s Essential Eight framework, as a significant step forward in enhancing our collective security.”
