Throughout my career, I’ve observed that making software safer isn’t easy or cheap, yet it is the only way to truly protect our systems. It’s similar to improving car safety in the 1960s: building better designs—like those with seatbelts, crumple zones, and reinforced frames—proved far more effective at saving lives than responding to accidents after they occurred. But these advances didn’t happen overnight. They required sustained investment, coordination, and vigilance. During my time in the Army, the Intelligence Community, and at Morgan Stanley, we dedicated significant resources to securing the software we developed. Even with these resources, the work was never easy, cheap, or perfect. However, the payoff was undeniable: safer systems, stronger outcomes, and fewer preventable failures.
Securing the Future
The Secure by Design movement has ignited tangible improvements in how manufacturers develop and secure software. What SbD has accomplished so far:
- Secure by Design Pledge. In May 2024, CISA launched the voluntary SbD pledge, calling on manufacturers to commit to seven foundational security goals. At its inception, 68 companies took this pledge. Today, more than 250 companies have joined the movement, marking a significant shift toward making secure design a standard practice.
- Industry SbD Leadership. Large players in the tech industry have embraced SbD principles, not just in name but in action. Google, for instance, has implemented initiatives directly aligned with the pledge, demonstrating a commitment to embedding security at every stage of development. Similarly, Microsoft’s Secure Future Initiative has become a beacon of proactive security, with a progress report highlighting their focus on secure by design, secure by default, and secure operations to better safeguard customers. These efforts underscore the power of industry leadership in driving systemic change.
In April of 2023, CISA launched the Secure by Design (SbD) movement with our whitepaper, Shifting the Balance of Cybersecurity Risk. This effort is akin to the transformative movement sparked by Ralph Nader’s 1965 book Unsafe at Any Speed, which exposed the “built-in dangers” of car design and spurred manufacturers on to prioritize safety. Just as that movement led to safer vehicles, Secure by Design aims to address the “built-in dangers” of insecure software.
In the mid-20th century, we faced a crisis on the roads: Poorly designed cars contributed to accidents that caused catastrophic injuries and deaths. It wasn’t until we, as a nation, learned that these accidents weren’t just inevitable “user errors” but a result of unsafe design that things began to change. After learning this, we pushed manufacturers to adopt new features like seat belts, airbags, and anti-lock brakes—solutions that saved countless lives.
We are in the “before seat belts” era of software. Just as unsafe car design once led to fatal crashes, we currently accept dangerous software, and the commonly resulting system compromise, as inevitable. We’ve been misled into blaming users for poor security habits—failing to apply updates, for example—rather than asking whether design flaws could be the issue.
In 2007, MITRE identified 13 "unforgivable" software defects—akin to faulty brakes or missing seat belts. These defects are preventable, yet a whopping 10 of them are listed in MITRE's recently published 2024 CWE Top 25 Most Dangerous Software Weaknesses. Coding errors like memory-unsafe code and SQL injection – which we and the FBI have deemed bad practices – remain widespread and easy for malicious actors to exploit.
The consequences are predictable, and we see them in the headlines. Foreign adversaries, particularly those associated with the People’s Republic of China, routinely exploit software vulnerabilities in network edge devices to infiltrate our systems. The damage is expensive, time-consuming, and reputationally catastrophic. Worse, the deep integration of private companies, utilities, and critical infrastructure has turned these compromises into a national security crisis—one we likely don’t yet fully comprehend.
The bottom line:
Software won’t get safer until we demand it.
The truth is: We don’t have a cybersecurity problem; we have a software quality problem. We are now at a tipping point—with foreign adversaries rampantly exploiting defective software—where this recognition is leading to a concerted demand for better security. Just as automobile safety reforms only succeeded when the public demanded safer cars as a basic standard, the software industry will only prioritize secure design when we, as a nation, demand it as the baseline for a functioning, secure, digital ecosystem.
The Secure by Design initiative supports this demand by equipping customers with key questions to ask vendors about their software—just as public safety campaigns taught the nation how to evaluate the safety features of their cars. By empowering users, we aim to create a seismic shift in software security.
Driving demand is essential, but achieving lasting change requires fostering accountability and industry-wide adoption of SbD principles—from the CEO’s office to the developer’s desk. In May 2024, we launched CISA’s Secure by Design pledge, under which more than 250 companies have now committed to driving measurable progress towards seven key SbD goals. Since then, we’ve seen more and more companies report on the good progress they’re making. Expanding the number of companies signing the SbD pledge is key. Each new signer commits to prioritizing security at every stage of software development, creating a ripple effect that raises the standard across the industry.
Equally important to the SbD movement is increasing the number of companies that serve as Common Vulnerabilities and Exposures (CVE) Numbering Authorities (CNAs). By identifying and assigning CVE IDs for vulnerabilities in their own products, CNAs drive transparency and accountability—much like car manufacturers adopting standards to improve the safety of their vehicles. Together, a broader base of SbD pledge signers and CNAs will strengthen the ecosystem and make security an integral part of every product, not an afterthought.
The need for safer software isn’t new, just as the need for safer car designs wasn’t new in the 1960s. People knew for decades that cars needed seat belts, better brakes, and stronger frames, but pioneers like Ralph Nader linked car design to road fatalities and drove systemic change. Similarly, the cybersecurity community has long understood the need for secure software. What’s new is the SbD initiative, which unites public awareness with industry accountability to catalyze meaningful action.
The Secure by Design pledge, the resulting progress pledge signers are making, and the bipartisan support for cybersecurity all signal that there is a groundswell of support mounting behind this movement. I believe we, as a nation, are ready to embrace it and move past the “before seat belts” era of software. I see a brighter future, where sustained effort and collaboration will make secure software the standard, not the exception. Just as car manufacturers eventually embedded seat belts, airbags, and anti-lock brakes into every vehicle design, I see Secure by Design becoming a core identity for software developers, with security integrated from the first line of code to deployment. Beyond developers and manufacturers, I see individuals and organizations across the entire ecosystem—open source communities, universities, insurers, Venture Capital firms, researchers, and regulators—playing their part to prioritize and incentivize security. Best of all, I see our nation embracing this movement to make secure, resilient software, creating a safer digital world for everyone.