DigitalCIO
No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
DigitalCIO
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
No Result
View All Result
Digitalcio
No Result
View All Result
Home Tech News

Fortinet reaffirms its commitment to secure product development processes and responsible vulnerability disclosure policies

DigitalCIO Bureau by DigitalCIO Bureau
May 21, 2024
in Tech News
0
Fortinet reaffirms its commitment to secure product development processes and responsible vulnerability disclosure policies
74
SHARES
1.2k
VIEWS
Share on FacebookShare on Twitter

Fortinet has announced it is building on the company’s long-standing commitment to responsible radical transparency as an early signer of the Secure by Design pledge developed by the Cybersecurity and Infrastructure Security Agency (CISA). This voluntary industry pledge complements and builds on existing Fortinet software security best practices, including those developed by CISA, NIST, other federal agencies, and international and industry partners. The pledge outlines seven goals, including responsible vulnerability disclosure policies, which are already an integral part of Fortinet’s product security development.

Jim Richberg, Head of Cyber Policy and Global Field CISO at Fortinet

“At Fortinet, we have a long-standing commitment to being a role model in ethical and responsible product development and vulnerability disclosure. As part of this dedication, Fortinet has proactively aligned to international and industry best practices and upholds the highest security standards in every aspect of our business. We applaud CISA’s continued call to the industry to follow suit and appreciate CISA’s willingness to collaborate with Fortinet on the development of these important goals. We strongly encourage others in the technology community to join this effort to keep organizations secure.”

Advancing Fortinet’s Commitment to Secure by Design Principles and Responsible Disclosure Processes

CISA’s latest initiative strongly aligns to Fortinet’s existing product development processes already based on Secure by Design and Secure by Default principles. Fortinet is committed to adhering to robust product security scrutiny at all stages of the product development lifecycle, helping to ensure that security is designed into each product from inception all the way through to end of life, in the following ways:

  • Secure Product Development Lifecycle (SPDLC): Fortinet aligns its processes in accordance with leading standards, including NIST 800-53, NIST 800-161, NIST 800-218, US EO 14028, and UK Telecom Security Act.
  • Robust Security Product Testing: Fortinet leverages tools and techniques such as static application security testing (SAST) and software composition analysis built into its build processes, dynamic application security testing (DAST), vulnerability scanning, and fuzzing prior to each release, as well as penetration testing and manual code audits.
  • Trusted Supplier Program: To ensure rigorous selection and qualification of its major manufacturing partners, Fortinet adheres to NIST 800-161: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. Fortinet’s commitment to data privacy and security is embedded in every part of the company’s business and in every phase of the product development, manufacturing, and delivery processes.
  • Information Security Program: The Fortinet Information Security Program is based on and aligned with industry-leading security standards and frameworks including ISO 27001/2, ISO 27017 and 27018, and NIST 800-53, as well as data privacy regulations such as GDPR and CCPA.
  • Third-Party Certifications: Fortinet products are regularly certified to standard and validated through third-party product quality standards, including NIST FIPS 140-2 and NIAP Common Criteria NDcPP / EAL4+.

Additionally, the Fortinet Product Security Incident Response Team (PSIRT) is responsible for maintaining security standards for Fortinet products and operates one of the industry’s most robust PSIRT programs, including proactively and transparently disclosing vulnerabilities. Nearly 80% of Fortinet vulnerabilities discovered in 2023 were identified internally through the company’s rigorous auditing process. This proactive approach enables fixes to be developed and implemented before malicious exploitation can occur. Fortinet works with its customers, independent security researchers, consultants, industry organizations, and other vendors to accomplish the company’s PSIRT mission.

To further advance its dedication to a culture of responsible radical transparency, Fortinet has a long-standing commitment to public and private partnerships that align to its mission, including:

  • As a founding member of the Network Resilience Coalition, Fortinet is helping deliver real-world solutions to protect networks and sensitive data, including addressing the issue of software and hardware updates and patches not being implemented.
  • Through its membership with the Joint Cyber Defense Collaborative (JCDC), which was established by CISA in 2021, Fortinet works with public and private entities to gather, analyze, and share actionable information to more proactively protect and defend against cyberthreats.
  • As a founding member of the Cyber Threat Alliance (CTA), Fortinet shares timely threat intelligence with other cybersecurity practitioners to better protect customers against adversaries.
  • Working with global leaders as a founding member of the World Economic Forum’s Centre for Cybersecurity (C4C), Fortinet is helping to encourage intelligence sharing across the industry to reduce global cyberattacks and disrupt cybercrime.

Supporting Quotes

“Over and over, across multiple sectors, we have learned that transparency improves outcomes for consumers and society. The cybersecurity industry is no different. In our sector, transparency includes searching for, mitigating, and disclosing vulnerabilities in an open, responsible manner. Fortinet has already taken steps to embrace such responsible transparency, creating a clear set of principles for handling vulnerability communication and analysis. The company’s leadership in this area is a strong example of how cybersecurity vendors should be communicating with customers and the broader public.”

– Michael Daniels, President and CEO of the Cyber Threat Alliance (CTA)

“The dedication to a secure-by-design approach to product development is foundational to strong security. We see vendors like Fortinet leading the way in following and applying these principles globally, principles which are also outlined in Australia’s Essential Eight framework, as a significant step forward in enhancing our collective security.”

– Peter Jennings, Director, Strategic Analysis Australia and member of Fortinet’s Strategic Advisory Council

“Risk identification and assessment are two of the most crucial components of risk management, whether you’re on the battlefield or protecting an IT environment. Fortinet’s approach to transparency, vulnerability disclosure, and threat intelligence sharing is one that the broader cybersecurity industry should emulate.”

-General Sir Richard Sheriff, retired NATO General

“In today’s dynamic environment, enhanced transparency is vital to making every organization more secure. It’s encouraging to see Fortinet at the forefront of embracing radical transparency as the company leans forward in sharing information about vulnerabilities and threat information.”

– Suzanne Spaulding, former Undersecretary at the U.S. Department of Homeland Security

“Collaboration between governments and private sector companies is and will continue to be integral to staying ahead of cyber threats. As a member of the Fortinet Board of Directors, I’ve seen firsthand and applaud how this cyber leader works with public and private organizations to transparently share threat intelligence and support national security efforts.”

-Admiral James Stavridis, Former 4-star Admiral and Supreme Allied Commander of NATO

 

Tags: Fortinet
Share30Tweet19
DigitalCIO Bureau

DigitalCIO Bureau

Recommended For You

Gartner: AI-optimized cloud infrastructure growing rapidly

by DigitalCIO Bureau
October 15, 2025
0
Infosys: Over $300 billion In Corporate Cloud Commitments Remain Untapped

AI-optimized infrastructure as a service (IaaS) is emerging as the next disruptive growth engine for AI infrastructure. As a result, end-user spending is projected to grow 146% by...

Read moreDetails

OpenAI and Broadcom to Build 10 Gigawatts of AI Infrastructure

by DigitalCIO Bureau
October 15, 2025
0

OpenAI and Broadcom have announced a collaboration for 10 gigawatts of custom AI accelerators. OpenAI will design the accelerators and systems, which will be developed and deployed in...

Read moreDetails

AI Skillsets Critical to Cybersecurity Skills Gap Solution

by DigitalCIO Bureau
October 14, 2025
0
Fortinet Expands Universal SASE Coverage with Two New India-Based Data Centres   

Fortinet has released its 2025 Global Cybersecurity Skills Gap Report, shedding light on the new and persistent challenges organizations face due to the cybersecurity skills gap. The global...

Read moreDetails

Visakhapatnam’s First 50 MW AI Edge Data Center Foundation Laid

by DigitalCIO Bureau
October 14, 2025
0
Visakhapatnam’s First 50 MW AI Edge Data Center Foundation Laid

In a major boost to the Andhra Pradesh government’s digital initiatives, Hon’ble Minister for IT, Electronics and Communications, Real Time Governance and Human Resources Development, Government of Andhra...

Read moreDetails

Mass scanning of Palo Alto Networks, Cisco and Fortinet Login portals

by DigitalCIO Bureau
October 13, 2025
0
Mass scanning of Palo Alto Networks, Cisco and Fortinet Login portals

Cybersecurity intelligence firm GreyNoise has observed an alarming increase in scanning activity against network equipment from major vendors in recent days. Scanning of Palo Alto Networks login portals...

Read moreDetails
Next Post
Mphasis Establishes Global CoE for Advanced Computing in Hyderabad

Mphasis Establishes Global CoE for Advanced Computing in Hyderabad

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Related News

New Wearable Patch Can Detect Stress Level

July 21, 2018

Intel Showcases New Products and Partnerships Accelerating the 5G Revolution

February 26, 2019

VIAVI Partners with Ingram Micro to Enhance Network Performance for Service Providers and Enterprises

January 16, 2020

Browse by Category

  • Acquisition
  • Appointment
  • Archive
  • Artificial Intelligence
  • CIO Interviews
  • Cloud
  • Datacenter
  • Events and Conferences
  • Market Insights
  • News
  • Opinion and Analysis
  • Products
  • Resources
  • Security
  • Storage
  • Tech News
  • Telecom
Digitalcio

Welcome to DigitalCIO, your ultimate source for staying ahead in the ever-evolving world of technology and business.

BROWSE BY TAG

Acquisition AI Appointment artificial intelligence Artificial Intelligence and Machine Learning AWS Barracuda Big Data and Analytics Blockchain CISCO Cloud Computing Cloudflare Commvault CrowdStrike Cybersecurity Digital Transformation Dynatrace E-books Fortinet Gartner GenAI Generative AI Google Cloud HCLTech Honeywell IBM Infographics Internet of Things (IoT) Kaspersky Microsoft Netskope NTT DATA Palo Alto Networks Panel Discussion Qlik Salesforce Sophos Tenable Trend Micro Veeam Veeam Software Vertiv Webinars Whitepaper Zscaler

CATEGORIES

  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources
  • Archive

NAVIGATION

  • Home
  • About Us
  • Advertise with Us
  • Contact Us

© 2024 digitalcio.in - All rights reserved.

No Result
View All Result
  • Home
  • Tech News
  • Market Insights
  • CIO Interviews
  • Events and Conferences
  • Opinion and Analysis
  • Resources

© 2024 digitalcio.in - All rights reserved.

Are you sure want to unlock this post?
Unlock left : 0
Are you sure want to cancel subscription?