DataDome’s Commitment to the CISA Secure by Design Pledge
2025-12-17 19:22:46 Author: securityboulevard.com

As a security vendor protecting web, mobile, and API traffic from fraud and bot attacks, we have always believed security should be built in from the start. Every day, our platform analyzes trillions of requests to keep our customers’ online properties safe, and those customers trust us to maintain the highest standards of security, resilience, and transparency.

This is why we are publicly aligning with the Cybersecurity and Infrastructure Security Agency (CISA) Secure by Design Pledge, a multi-industry initiative aimed at raising the security baseline across software manufacturers. The pledge reflects expectations we already hold internally: building secure defaults, strengthening authentication, protecting the software supply chain, and communicating transparently.

Below, we detail how DataDome meets each of the pledge’s seven goals and how we will continue advancing secure-by-design practices.

About the CISA Secure by Design Pledge

The Secure by Design Pledge asks software providers to take concrete steps to reduce vulnerabilities at scale, improve transparency, and deliver secure defaults.

The pledge centers around seven commitments: authentication, configuration, reducing vulnerabilities at scale, vulnerability disclosure, logging, supply chain integrity, and public accountability.

As a security vendor, we already have these principles baked into how we work at DataDome. This pledge gives us a way to share our progress openly and help push security standards forward across the industry.

1. Strong authentication practices

Pledge commitment: Provide secure authentication mechanisms and make strong, modern authentication the baseline.

How DataDome aligns

Single Sign-On (SSO)

DataDome integrates with major identity providers through standards-based SSO. This allows organizations to enforce:

  • IdP-enforced MFA and conditional access
  • Centralized provisioning and deprovisioning
  • Role-based access governance
  • Zero-trust aligned authentication policies

For customers not using SSO

Customers who do not use SSO still maintain a strong security baseline with:

  • Two-Factor Authentication, available to all users and enforceable organization-wide
  • Strong password requirements, including a minimum of 12 characters with lowercase, uppercase, numeric, and special characters

IP-based access restriction

Customers can restrict dashboard and API access using IP allowlists, ensuring only trusted network ranges can access DataDome resources.

2. Secure-by-default configuration

Pledge commitment: Ship products with secure configurations that reduce customer burden and minimize exposure.

How DataDome aligns

DataDome is designed so that key security settings are automatically set in a safe state. This includes:

  • Encryption by default across all data storage layers
  • API Management features that are not enabled by default, reducing unnecessary exposure
  • Read-only API credentials, allowing safe access to non-modifying functionality
  • Self-service API key rotation, enabling customers to rotate credentials at any time without dependency on support
  • Straightforward configuration flows that encourage secure setup during onboarding

These secure-by-default behaviors help customers maintain a minimal attack surface from the start.

3. Reducing vulnerabilities at scale

Pledge commitment: Adopt engineering practices that reduce entire classes of vulnerabilities and support continuous remediation.

How DataDome aligns

DataDome maintains a continuous security improvement and patching cycle. Regular updates introduce:

  • New protection and detection enhancements
  • Dependency and library upgrades
  • Hardening measures across systems and components
  • Security fixes as needed

Automated scanning, secure coding practices, and SDLC checkpoints help prevent vulnerabilities from entering production.

We document enhancements through our changelog to maintain transparency.

4. Transparent vulnerability disclosure

Pledge commitment: Maintain clear reporting channels and communicate security issues transparently and in a timely manner.

How DataDome aligns

We maintain a public vulnerability disclosure process and a bug bounty program to support responsible reporting.

DataDome also communicates validated security assessments and investigation summaries via our Trust Center to ensure customers remain informed about relevant security findings, even when no impact is identified.

This approach reinforces trust and aligns directly with the pledge’s expectations for open communication.

5. Logging, monitoring, & evidence of intrusions

Pledge commitment: Provide customers with meaningful telemetry to investigate suspicious activity and understand system behavior.

How DataDome aligns

Enriched traffic logs & real-time notifications: DataDome provides detailed visibility into request-level activity, enriched with detection signals and contextual attributes. Customers can also configure real-time notifications to be alerted about attack patterns or anomalous behavior, enabling rapid operational response.

Audit trails for configuration changes: To support governance and accountability, DataDome maintains audit trails capturing administrative and configuration changes within the dashboard. These records support compliance needs, internal review processes, and investigations into configuration-related events.

6. Secure software supply chain

Pledge commitment: Strengthen supply chain integrity and reduce risks arising from third-party and open-source components.

How DataDome aligns

DataDome embeds supply chain security into every stage of development:

  • Automated dependency and vulnerability scanning
  • Governance for third-party and open-source components
  • Continuous vendor and component risk assessments
  • Secure coding guidelines and developer training

These controls ensure the integrity of the dependencies and services used across our platform.

7. Public progress & accountability

Pledge commitment: Regularly share progress toward secure-by-design commitments and help raise industry-wide standards.

How DataDome aligns

We provide transparent updates through our Trust Center, sharing security improvements, investigations, and operational hardening efforts: https://trust.datadome.co/

We will also continue to publish summaries of how we align with the Secure-by-Design Pledge’s seven goals.

Looking ahead

The CISA Secure by Design Pledge puts into words what’s already been driving our work at DataDome for years, but of course, it doesn’t stop here. Together with our customers and partners, we continue to raise the bar, anticipating and building toward what’s next.

We’re already working on tangible improvements across several areas:

  • Stronger authentication defaults – Making multi-factor authentication even more accessible and enforced where it matters most
  • Better visibility for customers – Providing deeper insights into your security posture
  • Tighter access controls – Expanding authentication options and making it easier to manage who has access to what
  • More transparency – Building tools that put security information directly in your hands through our API

Security should be built into the foundation of every product, and we’re committed to making sure that belief shows up in what we ship, not just what we say.


Source: https://securityboulevard.com/2025/12/datadomes-commitment-to-the-cisa-secure-by-design-pledge/