IBM Demonstrates Commitment to Secure by Design Practices to Enhance Cybersecurity
May 08, 2024

Today, IBM supported the CISA voluntary Secure by Design pledge to better defend against ever-evolving cyber threats and aid in reducing risk to our nation’s critical infrastructure.

 

IBM has provided security by design to our clients on the products we sell by integrating security considerations and controls directly into the product development process, from initial design to final deployment. That is why we support this pledge.

 

We remain committed to building secure software and integrating security considerations throughout our software development life cycle, enhancing consistency, reducing the likelihood of security vulnerabilities and improving overall product robustness. IBM provides its clients, from developers to deployers, with needed tools and controls such as MFA and security logging to create and manage safer enterprise environments. Further, with regard to the pledge:

 

  • We commit to continuing transparency regarding security vulnerabilities and to taking proactive measures to identify and address them. IBM publishes security bulletins detailing affected products, affected versions, and recommended solutions once fixes or mitigations are available on IBM.com. Our goal is to help enable our clients to safeguard their systems effectively.
  • We commit to continue to provide appropriate documentation to our clients on how to securely use our products. Documentation, however, is only useful if the client actually adheres to the guidance provided. The end user must prioritize the actions and execute, rather than treat the documentation as “nice to do” when convenient.
  • We commit to transition to memory safe coding, where appropriate based on the product and underlying technology, to help reduce the vulnerability attack surface of our products.

 

IBM has long said that improving security is primarily a matter of improving execution, not developing new interventions. Our commitments today are in the spirit of reinvigorating execution. Software development organizations typically don’t need to invent new approaches to solving this problem but instead should focus on using and executing well-established practices. Together, we can build trust and confidence in today’s computing infrastructure.

 

Jamie Thomas, General Manager, Technology Lifecycle Services and IBM Enterprise Security Executive Infrastructure

 

 
