Security News

Socket Partners with CISA to Champion 'Secure by Design' Standards

Socket is joining forces with CISA and other industry leaders at the RSA Conference to sign the Secure by Design pledge, committing to uphold the highest security standards in our products.

Sarah Gooding

May 8, 2024


Socket is joining the Cybersecurity and Infrastructure Security Agency’s (CISA) leadership today to sign the Secure by Design pledge at the RSA Conference.

CISA’s Secure by Design initiative advances the concept that product makers should treat the security of their customers as a core business requirement, not just a technical feature. The principles are ideally implemented during the design phase of a product’s development lifecycle, so that exploitable flaws are reduced before the product reaches the market, and security features are available to customers at no additional cost.

The pledge calls on enterprise software products and services to meet a higher standard of security based on seven goals. These include expanding multi-factor authentication, reducing default passwords, reducing entire classes of vulnerabilities, increasing the installation of security patches, enacting a public vulnerability disclosure policy, providing transparency in CVE reporting, and improving access to logs for cybersecurity incidents.

“Socket is thrilled to endorse the Secure by Design Pledge which we see as a vital step toward strengthening security across the software industry,” Socket CEO Feross Aboukhadijeh said.

“We recognize the pressing need for substantial, industry-wide standards that truly enhance security, rather than simply ticking boxes. This pledge aligns with our own rigorous security practices and represents what we believe every software organization should strive for. We urge our peers who share our commitment to security to join us in this crucial initiative.”

By participating in this pledge, Socket is committing to make measurable progress towards meeting and exceeding the goals identified in this initiative and to publicly documenting that progress.

As Socket is on the front lines of securing open source packages against supply chain attacks, we fully support the adoption of security measures that are implemented in the early stages of development. A lack of clear ownership for security outcomes leads to a reactive posture in which security gets bolted on as an afterthought.

This pledge urges technology providers and software developers to shift to a more proactive approach that incorporates security measures directly into the development pipeline. It’s a response to the increasing number of software vulnerabilities and the growing recognition of the fragility of our supply chains without more consistent adoption of security best practices.

Socket joins Microsoft, Google, Amazon's AWS, Cisco, and other industry leaders today in committing to refining our approaches to building safe and secure software, guided by the principles that underpin Secure by Design.
