Tenable Partners with CISA to Enhance Secure By Design Practices
2024-6-7 03:0:0 Author: www.tenable.com

When CISA called on the world’s leading software manufacturers to sign its Secure by Design Pledge, Tenable answered promptly and enthusiastically, becoming part of the first wave of supporters of this landmark initiative. In this blog post, Tenable CSO, Head of Research and President of Public Sector Robert Huber explains the significance of this pledge for the software industry, as well as for Tenable and for our customers.

This year’s RSA Conference marked a key moment in our nation’s collective mission to fortify the digital ecosystem against evolving cyberthreats. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) launched its Secure by Design Pledge, an initiative for software developers to embrace secure-by-design practices and commit to work towards a series of secure software development goals and practices, including increasing the use of multi-factor authentication; reducing the prevalence of one or more vulnerability classes across products; publishing a vulnerability disclosure policy; and improving transparency in vulnerability reporting.

Tenable is proud to join 67 other technology firms as an original signatory of the Secure by Design Pledge. This initiative is a commitment to enhance the security posture of our products and, by extension, the broader digital ecosystem. By joining, we remain committed to advancing secure development practices and dedicated to proactive vulnerability management and resilience.

Tenable CSO Bob Huber signs CISA's Secure by Design Pledge

Eric Goldstein, Executive Associate Director, CISA Cybersecurity Division, calls the pledge a critical initiative, but adds that it’s a first step.

“Widespread adoption of Secure by Design principles is critical to our collective national security and shared prosperity. The companies that have stood up and signed the pledge are committing to set an example that will help keep our communities and country safe. But this is just the first step. We look forward to working with each participating company to make tangible, measurable progress and move toward a world where security is a right, not a privilege.”

During the launch event, I had the pleasure of meeting with CISA Director Jen Easterly, who said about the pledge that “more secure software is our best hope to protect against the seemingly never-ending cyberattacks facing our nation.” This sentiment resonates with us at Tenable; we understand that the stakes have never been higher, and the need to fortify our defenses has never been more urgent.

Tenable CSO Bob Huber with CISA Director Jen Easterly during the Secure by Design Pledge signing event at RSA Conference 2024

Our decision to embrace the Secure by Design Pledge reflects our commitment to our customers' security. As a provider of comprehensive and rapid coverage of CISA’s Known Exploited Vulnerabilities (KEVs), we are dedicated to detecting and addressing critical vulnerabilities, and helping organizations prioritize risk remediation effectively. Last year, we implemented the Supply-chain Levels for Software Artifacts (SLSA) framework for our Nessus product, underscoring our proactive approach to secure development. The SLSA framework, developed by Google, provides guidelines for enhancing supply chain security, ensuring the integrity of software artifacts across the entire supply chain. By supporting the pledge, we further enhance our capabilities and reinforce our security initiatives.

Prioritizing proactive vulnerability assessments in secure development environments is critical for comprehensive insight into an organization’s attack surface. By incorporating security practices from the outset of technology product development rather than bolting them on later, we’re safeguarding the broader ecosystem for a resilient digital future.

Our commitment to proactive risk identification and mitigation sets the standard for cyber resilience. As responsible software manufacturers, let’s continue to lead by example and inspire others to prioritize cybersecurity from the start of technology development. Together with other industry and government partners, we can chart a course toward a future where technology is safe and secure by design and empower organizations to navigate the evolving threat landscape with confidence and resilience.

Robert Huber

As Tenable’s Chief Security Officer, Head of Research and President of Tenable Public Sector, LLC, Robert Huber oversees the company's global security and research teams, working cross-functionally to reduce risk to the organization, its customers and the broader industry. He has more than 25 years of cyber security experience across the financial, defense, critical infrastructure and technology sectors. Prior to joining Tenable, Robert was a chief security and strategy officer at Eastwind Networks. He was previously co-founder and president of Critical Intelligence, an OT threat intelligence and solutions provider, which cyber threat intelligence leader iSIGHT Partners acquired in 2015. He also served as a member of the Lockheed Martin CIRT, an OT security researcher at Idaho National Laboratory and was a chief security architect for JP Morgan Chase. Robert is a board member and advisor to several security startups and served in the U.S. Air Force and Air National Guard for more than 22 years. Before retiring in 2021, he provided offensive and defensive cyber capabilities supporting the National Security Agency (NSA), United States Cyber Command and state missions.

Article source: https://www.tenable.com/blog/tenable-partners-with-cisa-to-enhance-secure-by-design-practices