News reaction: Multitude of tech firms sign pledge to build security in software

Today, in a notable step forward for the Biden Administration's National Cybersecurity Strategy (CISA), 63 companies including tech giants Microsoft, AWS and Cisco signed a pledge drafted by the U.S. Cybersecurity and Infrastructure Security Agency to build stronger security into their software from the start of development.

Under the voluntary pledge, companies commit to support the secure by design initiative, incorporating seven critical cybersecurity best practices into the development cycle of their products. From building and managing disclosure programs for software vulnerabilities, making patches easier to install by customers, tracking intrusions by hackers, mitigating flaws across common areas in software design, reducing the use of default passwords and enabling multifactor authentication across products as standard.

Commenting on the news, NCC Group's North American Market Lead, Jim Jordan, said: "In our recent report 'Digital Dawn: Cyber Security Policy in the Wake of Political Change', we've discovered that the public expects governments to take decisive action in securing the services and technology we all rely on.

"There's a growing global consensus that responsibility should rest with those most capable of preventing bad outcomes, rather than burdening end-users. Governments are now leveraging secure-by-design and secure-by-default practices to protect citizens' participation in the digital society.

"While today's announcement from CISA is a positive step, global businesses still grapple with a complex web of standards and regulations. To enhance cyber resilience, we advocate for 21st-century cyber rules that clearly define responsibilities, harmonize regulations across countries and sectors, and are rigorously enforced."