As we shared in our latest F5 State of Application Strategy (SOAS) report, complexity is common and pervasive for today’s organizations. IT professionals are struggling to manage multicloud environments and complex tooling solutions, which has led to sprawling operational challenges. This current reality was reinforced in the conversations at our annual AppWorld conference and subsequent events we have held across the globe over the past several months. As organizations juggle these challenges, it is imperative they align their IT strategy with solutions built with strong security controls.
That is why we’re continuing to partner with the Cybersecurity & Infrastructure Security Agency (CISA)—and it’s why F5 has joined the more than 150 companies that have taken CISA’s Secure by Design pledge. Launched at the RSA Conference earlier this year, the pledge reinforces the work we are already doing as a security company to best serve our customers and partners.

What is the CISA Secure by Design pledge?
The CISA Secure by Design pledge is a voluntary pledge focused on enterprise software products and services, including on-premises software, cloud services, and software as a service (SaaS). By participating in the pledge, software manufacturers are agreeing to make a good faith effort to work towards the seven goals listed below across their products within one year of signing the pledge:
- Multi-factor authentication (MFA): Measurably increase the use of multi-factor authentication.
- Default passwords: Show measurable progress towards reducing default passwords.
- Reducing entire classes of vulnerability: Achieve a significant reduction in the prevalence of one or more vulnerability classes.
- Security patches: Measurably increase the installation of security patches by customers.
- Vulnerability disclosure policy: Publish a vulnerability disclosure policy (VDP) that authorizes testing by members of the public on products, commits to not recommending or pursuing legal action against anyone engaging in good faith efforts to follow the VDP, provides a clear channel to report vulnerabilities, and allows for public disclosure of vulnerabilities in line with coordinated vulnerability disclosure best practices and international standards.
- Common Vulnerabilities and Exposures (CVEs): Display transparency in vulnerability reporting by including accurate Common Weakness Enumeration (CWE) and Common Platform Enumeration (CPE) fields in every CVE record for products—and issue CVEs in a timely manner, especially for critical or high-impact vulnerabilities.
- Evidence of intrusions: Achieve a measurable increase in the ability for customers to gather evidence of cybersecurity intrusions affecting products.

How the pledge aligns with F5’s product and services strategy
Our portfolio is designed to solve our customers’ most difficult hybrid and multicloud pain points. That falls flat if we do not deliver on security. The CISA Secure by Design pledge reinforces a level of security that our customers and partners should already expect. After all, don’t we have enough to deal with in the current threat landscape?
To learn more, read the full CISA Secure by Design pledge.