RSA Conference 2024: Embracing Responsible Radical Transparency

By Fortinet | May 16, 2024

Last week, Fortinet had a strong presence at RSA Conference (RSAC) 2024, one of the largest cybersecurity conferences in the world. From our founder, chairman of the board, and CEO Ken Xie participating in a closed-door CEO roundtable with U.S. government officials to Fortinet becoming an early signer of a critical industry pledge to meetings with NATO and other international government entities, Fortinet joined and collaborated with esteemed cybersecurity authorities to push forward critical industry conversations, including the importance of responsible radical transparency.

Founder, Chairman of the Board, and CEO Ken Xie participated in a closed-door CEO roundtable with U.S. government officials, including White House National Cyber Director Harry Coker, Jr., to discuss opportunities for private/public collaboration.

Fortinet Becomes One of the First Cybersecurity Vendors to Sign CISA’s Secure by Design Pledge

As the threat landscape intensifies, with publicly disclosed vulnerabilities being exploited in less than five days on average, it’s more vital than ever for technology vendors to implement proactive, transparent, and robust security standards. At RSAC, Fortinet signed the Secure by Design Pledge created by the Cybersecurity and Infrastructure Security Agency (CISA). The pledge, which aligns with the National Security Strategy developed by the White House, outlines seven goals, including developing responsible vulnerability disclosure policies, which are already integral to Fortinet’s product security development.

This promise builds on our long-standing commitment to cultivating a culture of responsible radical transparency, keeping our customers' safety in mind. Fortinet’s Jim Richberg, head of cyber policy and global field CISO, also participated in a panel discussion as the only pure-play cyber vendor for CISA’s Secure by Design Pledge signing ceremony during RSA. As someone who played an instrumental role in drafting the pledge, Richberg shared during the panel: “Fortinet had been doing the precepts and practices of Secure by Design principles and being radically transparent before the first edition of the [CISA Secure by Design] white paper came out. We had seen not only that this is the right thing to do, but it works—not just for the company but for your products and your customers. This [pledge] was the opportunity to turn this into an industry norm.”

Fortinet’s Jim Richberg and others attend the Secure by Design Pledge signing ceremony.

He also shared: “This pledge is a subset of a broader set of things the industry needs to work on. In our case, we had already been doing it. The reality is this touches product security, supply chain, customer data, and more. You have to build a way to build trust and transparency. Your customers not only have expectations, but they will want to see the proof.”

Fortinet Hosts Panel of Expert Voices on the Need for Responsible Radical Transparency in the Industry

Fortinet united on stage with expert voices to discuss the importance of implementing responsible radical transparency across the entire cybersecurity industry. The panel discussion featured the following esteemed industry leaders:

  • Dr. Carl Windsor, Senior Vice President of Product Technology and Solutions, Fortinet
  • Michael Daniel, President and Chief Executive Officer, Cyber Threat Alliance
  • Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA
  • Suzanne Spaulding, Former Undersecretary, U.S. Department of Homeland Security

Windsor kicked off the session by discussing how rapidly cybercriminals are organizing as they look to take advantage of vulnerabilities, making it imperative that entities of all shapes and sizes maintain the security of their networks. He then spoke about the need for greater transparency in cybersecurity and how that plays into the trust that organizations have in the products and vendors that support their networks.

Panelists discuss the need for responsible, radical transparency during a Fortinet-hosted session.

Spaulding underscored the longtime need for “radical transparency,” noting that “whoever can fight in a transparent environment is going to have the advantage.” Daniel echoed these sentiments, saying that the faster we get information out about vulnerabilities and how to fix them, the more likely we are to disrupt threat actors, making it harder for them to compromise their targets. Goldstein highlighted that customers of technology products are largely unable to make purchasing decisions based on security because they lack the data to do so, making transparency even more vital.

A Continued Commitment to Transparency, Disclosure, and Secure Product Development

RSAC was an opportunity to connect with customers, partners, security professionals, and others to collectively advance the cybersecurity industry.

Two clear themes emerged from last week’s event: Our industry must embrace transparency if we want to successfully disrupt our adversaries, and no single organization can fight cybercrime alone. Fortinet is committed to playing a leading role in these areas by offering world-class cybersecurity solutions to our 755,000+ customers and holding ourselves to the highest transparency, disclosure, and product development standards.
