Fortinet, the global cybersecurity leader driving the convergence of networking and security, announced it is building on the company’s long-standing commitment to responsible radical transparency as an early signer of the Secure by Design pledge developed by the Cybersecurity and Infrastructure Security Agency (CISA). This voluntary industry pledge complements and builds on existing Fortinet software security best practices, including those developed by CISA, NIST, other federal agencies, and international and industry partners. The pledge outlines seven goals, including responsible vulnerability disclosure policies, which are already an integral part of Fortinet’s product security development.
Advancing Fortinet’s Commitment to Secure by Design Principles and Responsible Disclosure Processes
CISA’s latest initiative strongly aligns to Fortinet’s existing product development processes already based on Secure by Design and Secure by Default principles. Fortinet is committed to adhering to robust product security scrutiny at all stages of the product development lifecycle, helping to ensure that security is designed into each product from inception all the way through to end of life, in the following ways:
Additionally, the Fortinet Product Security Incident Response Team (PSIRT) is responsible for maintaining security standards for Fortinet products and operates one of the industry’s most robust PSIRT programs, including proactively and transparently disclosing vulnerabilities. Nearly 80% of Fortinet vulnerabilities discovered in 2023 were identified internally through the company’s rigorous auditing process. This proactive approach enables fixes to be developed and implemented before malicious exploitation can occur. Fortinet works with its customers, independent security researchers, consultants, industry organizations, and other vendors to accomplish the company’s PSIRT mission.
To further advance its dedication to a culture of responsible radical transparency, Fortinet has a long-standing commitment to public and private partnerships that align to its mission, including:
Responsible Radical Transparency Panel at RSAC 2024
Fortinet will expand on how responsible radical transparency can help strengthen cybersecurity resiliency against cyber adversaries as part of a panel session at RSA Conference 2024 titled “No More Secrets in Cybersecurity: Implementing Radical Transparency.” The session will take place Thursday, May 9, from 10:50 to 11:40 a.m. PT. in Moscone South - 156.
The panel discussion will feature esteemed industry experts, including:
Anyone interested in expanding their understanding and familiarity with these critical topics can register here.