Fortinet, a global leader in cybersecurity, underscores its continued commitment to accountable transparency and secure product development processes by becoming one of the first companies to sign the Secure by Design pledge. This voluntary industry pledge, developed by the Cybersecurity and Infrastructure Security Agency (CISA), strengthens existing Fortinet software security best practices. The pledge outlines seven goals, including responsible vulnerability disclosure policies, which are already an integral part of Fortinet's product security development.
Jim Richburg, Fortinet's head of cyber policy and global field chief information security officer, commented on the company's latest move. “At Fortinet, we have a long-standing commitment to being a role model in ethical and responsible product development and vulnerability disclosure. As part of this commitment, Fortinet actively aligns with international and industry best practices. We applaud CISA for continuing to call on the industry to follow suit, and encourage others in the technology community to keep their organizations safe. We strongly encourage everyone to join this effort,” he said.
As part of our commitment to responsible disclosure processes and Secure by Design principles, Fortinet applies rigorous security scrutiny throughout the product development lifecycle. The company's compliance with key standards, including those set by the National Institute of Standards and Technology (NIST), and vigorous testing of its products reflect this focus. Additionally, the company has designed its information security program to align with industry-leading security standards and data privacy regulations, a testament to Fortinet's continued commitment to data privacy and security.
Fortinet's Product Security Incident Response Team (PSIRT) maintains security standards for Fortinet products and operates one of the most robust PSIRT programs in the industry. This includes proactively and transparently disclosing vulnerabilities. In fact, nearly 80% of Fortinet's vulnerabilities discovered in 2023 were identified internally through the company's rigorous audit process. This early detection allows for fixes to be created and implemented before malicious exploitation occurs. Fortinet actively collaborates with customers, independent security researchers, industry organizations, and other vendors to further the PSIRT mission.
Fortinet's commitment to a culture of accountability and transparency extends beyond our internal practices, and the company embraces public and private partnerships that align with our mission. These include membership in the Network Resilience Coalition, Joint Cyber Defense Collaborative (JCDC), and Cyber Threat Alliance (CTA), and a founding role in the World Economic Forum's Center for Cybersecurity (C4C). These partnerships demonstrate Fortinet's commitment to sharing intelligence and collaborating with industry leaders to reduce global cyberattacks and stop cybercrime.
Industry experts praise Fortinet's continued commitment to security. “A dedication to a secure-by-design approach to product development is the foundation for strong security,” said Peter Jennings, Australian Director of Strategic Analysis and member of the Fortinet Strategic Advisory Board. “We see such vendors as leading the way globally in the following areas: Applying these principles, which are also outlined in Australia's Essential 8 Framework, will help strengthen our nation's collective security. It represents an important step forward.”