RSA Conference 2024
Jim Richberg, Head of Cyber Policy and Global Field CISO
at Fortinet “At Fortinet, we have a long-standing
commitment to being a role model in ethical and responsible product
development and vulnerability disclosure. As part of this
dedication, Fortinet has proactively aligned to international and
industry best practices and upholds the highest security standards
in every aspect of our business. We applaud CISA’s continued call
to the industry to follow suit and appreciate CISA’s willingness to
collaborate with Fortinet on the development of these important
goals. We strongly encourage others in the technology community to
join this effort to keep organizations secure.”
News Summary:
Fortinet® (NASDAQ: FTNT), the global cybersecurity leader
driving the convergence of networking and security, today announced
it is building on the company’s long-standing commitment to
responsible radical transparency as an early signer of the
Secure by Design pledge developed by the Cybersecurity and
Infrastructure Security Agency (CISA). This voluntary industry
pledge complements and builds on existing Fortinet software
security best practices, including those developed by CISA, NIST,
other federal agencies, and international and industry partners.
The pledge outlines seven goals, including responsible
vulnerability disclosure policies, which are already an integral
part of Fortinet’s product security development.
Advancing Fortinet’s Commitment to Secure by Design
Principles and Responsible Disclosure Processes CISA’s
latest initiative strongly aligns to Fortinet’s existing product
development processes already based on Secure by Design and Secure
by Default principles. Fortinet is committed to adhering to robust
product security scrutiny at all stages of the product development
lifecycle, helping to ensure that security is designed into each
product from inception all the way through to end of life, in the
following ways:
- Secure Product Development Lifecycle (SPDLC):
Fortinet aligns its processes in accordance with leading standards,
including NIST 800-53, NIST 800-161, NIST 800-218, US EO 14028, and
UK Telecom Security Act.
- Robust Security Product Testing: Fortinet
leverages tools and techniques such as static application security
testing (SAST) and software composition analysis built into its
build processes, dynamic application security testing (DAST),
vulnerability scanning, and fuzzing prior to each release, as well
as penetration testing and manual code audits.
- Trusted Supplier Program: To ensure rigorous
selection and qualification of its major manufacturing partners,
Fortinet adheres to NIST 800-161: Cybersecurity Supply Chain Risk
Management Practices for Systems and Organizations. Fortinet’s
commitment to data privacy and security is embedded in every part
of the company’s business and in every phase of the product
development, manufacturing, and delivery processes.
- Information Security Program: The Fortinet
Information Security Program is based on and aligned with
industry-leading security standards and frameworks including ISO
27001/2, ISO 27017 and 27018, and NIST 800-53, as well as data
privacy regulations such as GDPR and CCPA.
- Third-Party Certifications: Fortinet products
are regularly certified to standard and validated through
third-party product quality standards, including NIST FIPS 140-2
and NIAP Common Criteria NDcPP / EAL4+.
Additionally, the Fortinet Product Security Incident Response
Team (PSIRT) is responsible for maintaining security standards for
Fortinet products and operates one of the industry’s most robust
PSIRT programs, including proactively and transparently disclosing
vulnerabilities. Nearly 80% of Fortinet vulnerabilities discovered
in 2023 were identified internally through the company’s rigorous
auditing process. This proactive approach enables fixes to be
developed and implemented before malicious exploitation can occur.
Fortinet works with its customers, independent security
researchers, consultants, industry organizations, and other vendors
to accomplish the company’s PSIRT mission.
To further advance its dedication to a culture of responsible
radical transparency, Fortinet has a long-standing commitment to
public and private partnerships that align to its mission,
including:
- As a founding member of the Network Resilience Coalition,
Fortinet is helping deliver real-world solutions to protect
networks and sensitive data, including addressing the issue of
software and hardware updates and patches not being
implemented.
- Through its membership with the Joint Cyber Defense
Collaborative (JCDC), which was established by CISA in 2021,
Fortinet works with public and private entities to gather, analyze,
and share actionable information to more proactively protect and
defend against cyberthreats.
- As a founding member of the Cyber Threat Alliance (CTA),
Fortinet shares timely threat intelligence with other cybersecurity
practitioners to better protect customers against adversaries.
- Working with global leaders as a founding member of the World
Economic Forum’s Centre for Cybersecurity (C4C), Fortinet
is helping to encourage intelligence sharing across the industry to
reduce global cyberattacks and disrupt cybercrime.
Responsible Radical Transparency Panel at RSAC
2024 Fortinet will expand on how responsible radical
transparency can help strengthen cybersecurity resiliency against
cyber adversaries as part of a panel session at RSA Conference 2024
titled “No More Secrets in Cybersecurity: Implementing Radical
Transparency.” The session will take place Thursday, May 9, from
10:50 to 11:40 a.m. PT. in Moscone South - 156.
The panel discussion will feature esteemed industry experts,
including:
- Dr. Carl Windsor, Senior Vice President of Product Technology
and Solutions, Fortinet
- Michael Daniel, President and Chief Executive Officer, Cyber
Threat Alliance
- Eric Goldstein, Executive Assistant Director for Cybersecurity,
CISA
- Suzanne Spaulding, Former Undersecretary, U.S. Department of
Homeland Security
Anyone interested in expanding their understanding and
familiarity with these critical topics can register here.
Supporting Quotes “Over and over, across
multiple sectors, we have learned that transparency improves
outcomes for consumers and society. The cybersecurity industry is
no different. In our sector, transparency includes searching for,
mitigating, and disclosing vulnerabilities in an open, responsible
manner. Fortinet has already taken steps to embrace such
responsible transparency, creating a clear set of principles for
handling vulnerability communication and analysis. The company’s
leadership in this area is a strong example of how cybersecurity
vendors should be communicating with customers and the broader
public.” — Michael Daniels, President and CEO of the Cyber
Threat Alliance (CTA)
“The dedication to a secure-by-design approach to product
development is foundational to strong security. We see vendors like
Fortinet leading the way in following and applying these principles
globally, principles which are also outlined in Australia’s
Essential Eight framework, as a significant step forward in
enhancing our collective security.”— Peter Jennings, Director,
Strategic Analysis Australia and member of Fortinet's Strategic
Advisory Council
“Risk identification and assessment are two of the most crucial
components of risk management, whether you’re on the battlefield or
protecting an IT environment. Fortinet’s approach to transparency,
vulnerability disclosure, and threat intelligence sharing is one
that the broader cybersecurity industry should
emulate.”— General Sir Richard Sheriff, retired NATO
General
“In today’s dynamic environment, enhanced transparency is vital
to making every organization more secure. It’s encouraging to see
Fortinet at the forefront of embracing radical transparency as the
company leans forward in sharing information about vulnerabilities
and threat information.”— Suzanne Spaulding, former
Undersecretary at the U.S. Department of Homeland Security
“Collaboration between governments and private sector companies
is and will continue to be integral to staying ahead of cyber
threats. As a member of the Fortinet Board of Directors, I’ve seen
firsthand and applaud how this cyber leader works with public and
private organizations to transparently share threat intelligence
and support national security efforts.” — Admiral James
Stavridis, Former 4-star Admiral and Supreme Allied Commander of
NATO
Additional Resources
- Learn more
about Fortinet's commitment to product security and integrity,
including this recent blog post on its longstanding commitment to
responsible product development and vulnerability disclosure
approach and policies.
-
Visit fortinet.com/trust to learn more about Fortinet
innovation, collaboration partners, product security processes, and
enterprise-grade products that contribute to delivering proven
cybersecurity, everywhere you need it.
- Learn about Fortinet’s free cybersecurity training, which
includes broad cyber awareness and product training. As part of the
Fortinet Training Advancement Agenda (TAA), the Fortinet Training
Institute also provides training and certification through the
Network Security Expert (NSE) Certification, Academic Partner, and
Education Outreach programs.
- Follow Fortinet on Twitter, LinkedIn, Facebook, and Instagram.
Subscribe to Fortinet on our blog or YouTube.
About Fortinet
Fortinet (NASDAQ: FTNT) is a driving force in the evolution of
cybersecurity and the convergence of networking and security. Our
mission is to secure people, devices, and data everywhere, and
today we deliver cybersecurity everywhere you need it with the
largest integrated portfolio of over 50 enterprise-grade products.
Well over half a million customers trust Fortinet's solutions,
which are among the most deployed, most patented, and most
validated in the industry. The Fortinet Training Institute,
one of the largest and broadest training programs in the industry,
is dedicated to making cybersecurity training and new career
opportunities available to everyone. Collaboration with
high-profile, well-respected organizations from both the public and
private sectors, including CERTs, government entities, and
academia, is a fundamental aspect of Fortinet’s commitment to
enhance cyber resilience globally. FortiGuard Labs, Fortinet’s
elite threat intelligence and research organization, develops and
utilizes leading-edge machine learning and AI technologies to
provide customers with timely and consistently top-rated protection
and actionable threat intelligence. Learn more at
https://www.fortinet.com, the Fortinet Blog, and FortiGuard
Labs.
FTNT-O
Copyright © 2024 Fortinet, Inc. All rights reserved. The symbols
® and ™ denote respectively federally registered trademarks and
common law trademarks of Fortinet, Inc., its subsidiaries and
affiliates. Fortinet’s trademarks include, but are not limited to,
the following: Fortinet, the Fortinet logo, FortiGate, FortiOS,
FortiGuard, FortiCare, FortiAnalyzer, FortiManager, FortiASIC,
FortiClient, FortiCloud, FortiMail, FortiSandbox, FortiADC,
FortiAI, FortiAIOps, FortiAntenna, FortiAP, FortiAPCam,
FortiAuthenticator, FortiCache, FortiCall, FortiCam, FortiCamera,
FortiCarrier, FortiCASB, FortiCentral, FortiConnect,
FortiController, FortiConverter, FortiCWP, FortiDB, FortiDDoS,
FortiDeceptor, FortiDeploy, FortiDevSec, FortiEdge, FortiEDR,
FortiExplorer, FortiExtender, FortiFirewall, FortiFone, FortiGSLB,
FortiHypervisor, FortiInsight, FortiIsolator, FortiLAN, FortiLink,
FortiMoM, FortiMonitor, FortiNAC, FortiNDR, FortiPenTest,
FortiPhish, FortiPlanner, FortiPolicy, FortiPortal, FortiPresence,
FortiProxy, FortiRecon, FortiRecorder, FortiSASE,
FortiSDNConnector, FortiSIEM, FortiSMS, FortiSOAR, FortiSwitch,
FortiTester, FortiToken, FortiTrust, FortiVoice, FortiWAN,
FortiWeb, FortiWiFi, FortiWLC, FortiWLM and FortiXDR. Other
trademarks belong to their respective owners. Fortinet has not
independently verified statements or certifications herein
attributed to third parties and Fortinet does not independently
endorse such statements. Notwithstanding anything to the contrary
herein, nothing herein constitutes a warranty, guarantee, contract,
binding specification or other binding commitment by Fortinet or
any indication of intent related to a binding commitment, and
performance and other specification information herein may be
unique to certain environments.
Media
Contact:Stephanie LiraFortinet,
Inc.408-235-7700pr@fortinet.com |
Investor Contact:Peter SalkowskiFortinet, Inc.
408-331-4595psalkowski@fortinet.com |
Analyst Contact:Brian Greenberg Fortinet,
Inc.408-235-7700analystrelations@fortinet.com |
Fortinet (NASDAQ:FTNT)
Historical Stock Chart
From May 2024 to Jun 2024
Fortinet (NASDAQ:FTNT)
Historical Stock Chart
From Jun 2023 to Jun 2024