Secure by Design is likely dead at CISA. Will the private sector make good on its pledge?
In April 2023, the US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, and a host of international cybersecurity partners produced joint guidance on achieving secure-by-design software as a follow-up to President Biden’s May 2021 cybersecurity executive order.
In the last two years of the Biden administration, CISA made secure-by-design a cornerstone of its software security efforts, aiming to decrease preventable flaws in software products before they reach the market. “More secure software is our best hope to protect against the seemingly never-ending scourge of cyberattacks facing our nation,” then-CISA Director Jen Easterly said when announcing that 68 leading software providers had signed the agency’s Secure by Design pledge.
Despite CISA’s initial hopes for its initiative, last week Lauren Zabierek and Bob Lord, two architects of the program, announced they are leaving CISA amid ongoing DOGE-related staff cuts, sparking speculation that Secure by Design is dead.
Read more at CSO