9th May 2024 – Lenovo has joined other technology industry leaders as one of the first companies to sign up to the voluntary ‘Secure by Design’ pledge announced on 8th May by the US Cybersecurity and Infrastructure Security Agency (CISA). The pledge, which is currently focused on enterprise software products and services, on-premises software, cloud services, and software as a service (SaaS), asks technology leaders like Lenovo to make a good-faith pledge to make demonstratable and measurable progress across a set of seven shared focus areas. These include progress in the following areas of multi-factor authentication (MFA), default passwords, reducing entire classes of vulnerability, security patches, vulnerability disclosure policy, common vulnerabilities and exposures (CVE), and evidence of intrusions.
Commenting on Lenovo’s commitment to the pledge, Lenovo Chief Security Officer Doug Fisher said: “We commend CISA’s initiative to drive an industry-wide ‘secure by design’ pledge and welcome the opportunity to align our own well-established security by design approach with other industry best practices. It’s good for the industry that global technology leaders are able to share best practices, driving meaningful progress and accountability in security. We’re committed to demonstrating our continued leadership and advancements in this area, collaborating closely with CISA to instill customer confidence in the safety, trustworthiness, and integrity of the technology they rely on.”
The pledge’s focus complements Lenovo’s best-in-class security by design commitments and programs ensuring the company provides secure infrastructure, products and services, supply chain, and physical security while meeting or exceeding industry standards. This includes Lenovo’s Security Development Lifecycle, Product Security Incident Response Team (PSIRT), manufacturing and global supply chain security, privacy and data protection programs, a trusted supplier program, and an extensive security ecosystem of partners and industry standards groups.
Fisher continued, “Our pledge transcends geographies and benefits all our global customers who face the same industry-wide security challenges US CISA seeks to address, including continued alignment with emerging security regulations around the world.”
Lenovo is the first group of 68 companies committing to the ‘Secure by Design’ pledge, making it one of the few laptop, server, and smartphone manufacturers committed to design products with greater security built in.
More information on the CISA pledge can be found here.
More information about Lenovo’s security commitments and programs can be found here.
