New Pledge for Software Manufacturers
A new voluntary pledge has been introduced for software manufacturers, focusing on enterprise software products and services. The pledge includes on-premises software, cloud services, and software as a service (SaaS). While physical products like IoT devices are not included in the pledge, companies are encouraged to demonstrate progress in those areas if they wish.
By signing the pledge, software manufacturers commit to working towards specific goals over the next year. If measurable progress is made, they must publicly document how they achieved it within one year. If progress is not made, they are encouraged to share their efforts and challenges with CISA. The pledge aims to promote transparency and learning within the industry.
The pledge consists of seven goals, each with core criteria that manufacturers pledge to meet. Software manufacturers have the flexibility to choose how they will meet these criteria. CISA applauds those who already meet or exceed the goals and encourages further efforts in software security best practices.
This pledge complements existing software security practices and aims to promote a secure design approach.
Vocabulary List:
- Voluntary (adjective): Donegivenor acting of one own free will.
- Enterprise (noun): A business or organization.
- Criteria (plural noun): Principles or standards by which something may be judged or decided.
- Applauds (verb): Show approval or praise by clapping.
- Complements (verb): Adds to something in a way that enhances or improves it makes perfect.
- Initiative (noun): An introductory step or move.
