IT Brief New Zealand - Technology news for CIOs & IT decision-makers
Fortinet ups cybersecurity game with Secure by Design pledge
Wed, 8th May 2024

Fortinet, a global leader in cybersecurity, has underlined its ongoing commitment to responsible transparency and secure product development processes by becoming one of the first companies to sign the Secure by Design pledge. Developed by the Cybersecurity and Infrastructure Security Agency (CISA), this voluntary industry pledge reinforces existing Fortinet software security best practices. The pledge outlines seven goals, including responsible vulnerability disclosure policies, which are already an integral part of Fortinet's product security development.

Jim Richberg, head of cyber policy and Global Field Chief Information Security Officer at Fortinet, commented on the company's latest move. "At Fortinet, we have a long-standing commitment to being a role model in ethical and responsible product development and vulnerability disclosure. As part of this dedication, Fortinet has proactively aligned to international and industry best practices and upholds the highest security standards in every aspect of our business. We applaud CISA's continued call to the industry to follow suit, and we strongly encourage others in the technology community to join this effort to keep organisations secure," he said.

As part of its commitment to responsible disclosure processes and Secure by Design principles, Fortinet applies rigorous security scrutiny throughout the product development lifecycle. The company's adherence to leading standards, such as those set out by the National Institute of Standards and Technology (NIST), and its vigorous testing of its products reflect this focus. Additionally, the company has designed its Information Security Program to align with industry-leading security standards and data privacy regulations, a testament to Fortinet's ongoing commitment to data privacy and security.

Fortinet's Product Security Incident Response Team (PSIRT) maintains security standards for Fortinet products and operates one of the industry's most robust PSIRT programs. This includes proactively and transparently disclosing vulnerabilities. In fact, nearly 80 per cent of Fortinet vulnerabilities discovered in 2023 were identified internally through the company's rigorous auditing process. This early detection allows for the creation and implementation of fixes before malicious exploitation can occur. Fortinet actively cooperates with customers, independent security researchers, industry organisations, and other vendors to further its PSIRT mission.

Fortinet's commitment to a culture of responsible radical transparency extends beyond its internal practices, as the company embraces public and private partnerships that align with its mission. These include memberships in the Network Resilience Coalition, the Joint Cyber Defence Collaborative (JCDC), and the Cyber Threat Alliance (CTA), and a founding role in the World Economic Forum’s Centre for Cybersecurity (C4C). These partnerships demonstrate Fortinet's drive to share intelligence and work with industry leaders to reduce global cyberattacks and disrupt cybercrime.

Industry experts have hailed Fortinet's ongoing dedication to security. Peter Jennings, director of Strategic Analysis Australia and member of Fortinet’s Strategic Advisory Council, said, "The dedication to a secure-by-design approach to product development is foundational to strong security. We see vendors like Fortinet leading the way globally in following and applying these principles, which are also outlined in Australia's Essential Eight framework. It represents a significant step forward in enhancing our collective security."