Secure by Design is likely dead at CISA. Will the private sector make good on its pledge?

Chris Wysopal wraps up his talk with Jason Healey on Secure by Design at the RSA Conference in San Francisco on April 28, 2025. They discussed where companies are making progress and where they’re not. (Veracode)

By Cynthia Brumfield

In April 2023, the US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation, and a host of international cybersecurity partners produced joint guidance on achieving secure-by-design software as a follow-up to President Biden’s May 2021 cybersecurity executive order.

In the last two years of the Biden administration, CISA made secure-by-design a cornerstone of its software security efforts, aiming to decrease preventable flaws in software products before they reach the market. “More secure software is our best hope to protect against the seemingly never-ending scourge of cyberattacks facing our nation,” then-CISA Director Jen Easterly said when announcing that 68 leading software providers had signed the agency’s Secure by Design pledge.

Despite CISA’s initial hopes for the initiative, last week Lauren Zabierek and Bob Lord, two architects of the program, announced they are leaving CISA amid ongoing DOGE-related staff cuts, sparking speculation that Secure by Design is dead.

Read more at CSO
