At Finite State, we recently took a significant step by signing CISA's Secure by Design pledge. This decision reflects our commitment to leading by example, aligning our own software security operations with those of our customers, demonstrating industry and thought leadership, and experiencing the evolution of Secure by Design in tandem with our customers, as they too work toward meeting the requirements and spirit of the pledge. 

Here's why the Secure by Design pledge is so important.

Leading by Example

As the leading provider of software risk management solutions for connected devices and software supply chains, our customers look to us to lead in security by providing a secure product.

By signing this pledge, we aim to set a benchmark in the industry by embodying the principles of Secure by Design in our operations. This commitment goes beyond compliance. 

Our signature on the Secure by Design pledge means integrating security even more deeply into our company's DNA. We must lead by example. 

Aligning with Product Security Teams

To be effective in serving our customers, we need to be in sync with the product security teams we support every day. By adopting Secure by Design principles, we enhance our ability to collaborate and innovate alongside these teams. This alignment ensures that our security measures are not only robust but also relevant to the challenges our customers face daily.

Demonstrating Industry and Thought Leadership

Signing the pledge places us among a select group of companies recognized for their commitment to security. This distinction is significant as it reinforces our responsibility to bring a Secure by Design mindset to everything we do, from helping our customers achieve continuous visibility into potential software risks to building a more secure platform to help them pursue greater product and software supply chain security. 

Aligning with Our Customers

Understanding and addressing the challenges our customers face is at the heart of our mission. By committing to Secure by Design, we experience firsthand the complexities involved in implementing these principles.

This empathy drives us to find solutions that are not only effective but also practical for our customers. We recognize that if the process is difficult for us, it is likely challenging for our customers too. Therefore, we strive to simplify and improve these processes for everyone involved.

The Road Ahead: Culture Shift and Continuous Improvement

We understand that this commitment requires a cultural shift within our organization and the industries we serve. We have a year to work on this, allowing us to approach it thoughtfully and systematically.

This journey involves technical enhancements, marketing efforts, and cultural adjustments. It means prioritizing security over speed to market, ensuring that we do not compromise on secure practices.

To achieve this, we need to equip our engineering team with the right tools, visibility, and processes. Fortunately, as a company that builds security products, we are well-positioned to leverage our own platform and processes. This initiative will create a beneficial feedback loop, ingraining Secure by Design principles throughout our engineering organization.

We also recognize the importance of continuous improvement. This pledge is not about achieving perfection overnight but about iterating and refining our practices over time. It’s a journey of constant learning and adaptation.


Finite State's commitment to CISA's Secure by Design pledge is a testament to our dedication to security, leadership, and customer-centricity. We are excited about the opportunities this pledge brings and the positive impact it will have on our company and our customers. Together, we are paving the way for a more secure future.