Tenable Partners with CISA to Enhance Secure By Design Practices

When CISA called on the world’s leading software manufacturers to sign its Secure by Design Pledge, Tenable answered promptly and enthusiastically, becoming part of the first wave of supporters of this landmark initiative. In this blog post, Tenable CSO, Head of Research and President of Public Sector Robert Huber explains the significance of this pledge for the software industry, as well as for Tenable and for our customers.

This year’s RSA Conference marked a key moment in our nation’s collective mission to fortify the digital ecosystem against evolving cyberthreats. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched its Secure by Design Pledge, an initiative for software developers to embrace secure-by-design practices and commit to work towards a series of secure software development goals and practices, including increasing the use of multi-factor authentication; reducing the prevalence of one or more vulnerability classes across products; publishing a vulnerability disclosure policy; and improving transparency in vulnerability reporting.

Tenable is proud to join 67 other technology firms as an original signatory of the Secure by Design Pledge. This initiative is a commitment to enhance the security posture of our products and, by extension, the broader digital ecosystem. By joining, we remain committed to advancing secure development practices and dedicated to proactive vulnerability management and resilience.

Eric Goldstein, Executive Associate Director, CISA Cybersecurity Division, calls the pledge a critical initiative, but adds that it’s a first step.

“Widespread adoption of Secure by Design principles is critical to our collective national security and shared prosperity. The companies that have stood up and signed the pledge are committing to set an example that will help keep our communities and country safe. But this is just the first step. We look forward to working with each participating company to make tangible, measurable progress and move toward a world where security is a right, not a privilege.”

During the launch event, I had the pleasure of meeting with CISA Director Jen Easterly, who said about the pledge that “more secure software is our best hope to protect against the seemingly never-ending cyberattacks facing our nation.” This sentiment resonates with us at Tenable; we understand that the stakes have never been higher, and the need to fortify our defenses has never been more urgent.

Our decision to embrace the Secure by Design Pledge reflects our commitment to our customers' security. As a provider of comprehensive and rapid coverage of CISA’s Known Exploited Vulnerabilities (KEVs), we are dedicated to detecting and addressing critical vulnerabilities, and helping organizations prioritize risk remediation effectively. Last year, we implemented the Supply-chain Levels for Software Artifacts (SLSA) framework for our Nessus product, underscoring our proactive approach to secure development. The SLSA framework, developed by Google, provides guidelines for enhancing supply chain security, ensuring the integrity of software artifacts across the entire supply chain. By supporting the pledge, we further enhance our capabilities and reinforce our security initiatives.

Prioritizing proactive vulnerability assessments in secure development environments is critical for comprehensive insight into an organization’s attack surface. By incorporating security practices from the outset of technology product development rather than bolting them on later, we’re safeguarding the broader ecosystem for a resilient digital future.

Our commitment to proactive risk identification and mitigation sets the standard for cyber resilience. As responsible software manufacturers, let’s continue to lead by example and inspire others to prioritize cybersecurity from the start of technology development. Together with other industry and government partners, we can chart a course toward a future where technology is safe and secure by design and empower organizations to navigate the evolving threat landscape with confidence and resilience.