Fortinet reaffirms its commitment to secure product development processes and responsible vulnerability disclosure policies

PHOTO

Riyadh: Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, has announced it is building on the company’s long-standing commitment to responsible radical transparency as an early signer of the Secure by Design pledge developed by the Cybersecurity and Infrastructure Security Agency (CISA).

This voluntary industry pledge complements and builds on existing Fortinet software security best practices, including those developed by CISA, NIST, other federal agencies, and international and industry partners. The pledge outlines seven goals, including responsible vulnerability disclosure policies, which are already an integral part of Fortinet’s product security development.

Advancing Fortinet’s Commitment to Secure by Design Principles and Responsible Disclosure Processes

CISA’s latest initiative strongly aligns to Fortinet’s existing product development processes already based on Secure by Design and Secure by Default principles. Fortinet is committed to adhering to robust product security scrutiny at all stages of the product development lifecycle, helping to ensure that security is designed into each product from inception all the way through to end of life, in the following ways:

Secure Product Development Lifecycle (SPDLC): Fortinet aligns its processes in accordance with leading standards, including NIST 800-53, NIST 800-161, NIST 800-218, US EO 14028, and UK Telecom Security Act.

Robust Security Product Testing: Fortinet leverages tools and techniques such as static application security testing (SAST) and software composition analysis built into its build processes, dynamic application security testing (DAST), vulnerability scanning, and fuzzing prior to each release, as well as penetration testing and manual code audits.

Trusted Supplier Program: To ensure rigorous selection and qualification of its major manufacturing partners, Fortinet adheres to NIST 800-161: Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations. Fortinet’s commitment to data privacy and security is embedded in every part of the company’s business and in every phase of the product development, manufacturing, and delivery processes.

Information Security Program: The Fortinet Information Security Program is based on and aligned with industry-leading security standards and frameworks including ISO 27001/2, ISO 27017 and 27018, and NIST 800-53, as well as data privacy regulations such as GDPR and CCPA.

Third-Party Certifications: Fortinet products are regularly certified to standard and validated through third-party product quality standards, including NIST FIPS 140-2 and NIAP Common Criteria NDcPP / EAL4+.

Additionally, the Fortinet Product Security Incident Response Team (PSIRT) is responsible for maintaining security standards for Fortinet products and operates one of the industry’s most robust PSIRT programs, including proactively and transparently disclosing vulnerabilities. Nearly 80% of Fortinet vulnerabilities discovered in 2023 were identified internally through the company’s rigorous auditing process. This proactive approach enables fixes to be developed and implemented before malicious exploitation can occur. Fortinet works with its customers, independent security researchers, consultants, industry organizations, and other vendors to accomplish the company’s PSIRT mission.

Jim Richberg, Head of Cyber Policy and Global Field CISO at Fortinet

“At Fortinet, we have a long-standing commitment to being a role model in ethical and responsible product development and vulnerability disclosure. As part of this dedication, Fortinet has proactively aligned to international and industry best practices and upholds the highest security standards in every aspect of our business. We applaud CISA’s continued call to the industry to follow suit and appreciate CISA’s willingness to collaborate with Fortinet on the development of these important goals. We strongly encourage others in the technology community to join this effort to keep organizations secure.”

-Ends-

About Fortinet

Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with high-profile, well-respected organizations from both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally. FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.

Fortinet reaffirms its commitment to secure product development processes and responsible vulnerability disclosure policies

DISCOVER MORE

PLC reports impressive 141% net profit surge, boosting Q2 2024 performance

Dalma Mall welcomes Abu Dhabi's first iSTYLE Apple premium partner store

2024 to see issuance of about 10,000 new broker licenses in Dubai, VVS Estate reveals

Presight leads AI enablement workshop for top Ethiopian government officials

Coral Beach Resort Sharjah hands over 565 kg of end-of-life linens and uniforms for recycling

H.E. Bin Touq discusses ways to enhance cooperation in new economy, tourism, entrepreneurship and transport sectors

Masdar partners with Endesa in €1.7bln renewable energy transaction in Spain

Dubai Chamber of Commerce receives 79 mediation cases during the first half of 2024

Ajman Tourism announces the 9th Liwa Ajman Dates and Honey Festival 2024

The Ritz-Carlton, Doha makes an important new hire, with Koni Kim announced as director of food & beverage

Ennismore, Evolutions & City View Developments launch the first Hyde Residences in Dubai

Albal Design launches UAE's first science based interior design concept

Aldar unveils The Arthouse, an exclusive residence in Abu Dhabi’s Cultural District inspired by private members’ clubs

Royal Oman Police: Beware of new fraudulent scheme impersonating Central Bank of Oman

CrowdStrike says over 97% of Windows sensors back online

How rapid technological progress is transforming the IP property landscape in SA

CrowdStrike says significant number of outage-affected devices back up

No reports of cyber attacks following global IT outage: UAE Cybersecurity Council

LATEST VIDEO

VIDEO: MENA debt market issuances surge nearly 60% to $73.4bln in H1

ZAWYA COVERAGE

Deyaar's Q2 net profit rises 86% to $32mln on higher revenue

Dubai Taxi Co. Q2 net profit drops 14%; revenue rises

Mashreq Bank Q2 edges higher to $545mln, bests estimate

UAE’s ADIA, US firm seek nearly $400mln stake sale in Indian infra investment trust

E-commerce using 'Mada' cards surges 22% in the first quarter of 2024

Saudi Arabia commits to quality jobs and decent work

Gold rises as yields slip after US data lifts rate-cut hopes

UAE and Tamil Nadu explore diverse investment potential

Dubai to see ‘issuance of 10,000 new broker licences’ in 2024

THE BRI REPORT

China’s flagship global infrastructure initiative is changing in the face of potent headwinds