Object First signs CISA’s Secure by Design pledge

Aug. 21, 2024
The efforts made in CISA’s Secure by Design pledge will further ensure that security is embedded throughout the company's operations.

Object First, the creator of Ootbi (Out-of-the-Box-Immutability), a ransomware-proof backup storage appliance purpose-built for Veeam, today announced it signed the ‘Secure by Design’ pledge created by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The pledge commits software manufacturers to continuously improve the security of their enterprise software products and services to build a safer business ecosystem for partners and customers.

“We are proud to sign CISA's Secure by Design pledge and believe all other vendors should show their commitment to security and do the same,” said David Bennett, CEO of Object First. “With 189 of our peers — and growing — we seek to set an industry standard for securing software products and services to reduce risk to our cyber and physical infrastructure. Object First is committed to highlighting our progress as we work to achieve and maintain all seven goals outlined in the pledge.”

As part of CISA’s effort, Object First pledges to meet the following seven criteria that are core to the Secure by Design pledge:

  • Multi-Factor Authentication (MFA): Object First’s Ootbi supports MFA, which can be enabled during initial setup via the settings module in the product web UI.
  • Default Passwords: Object First uses unique passwords for initial configuration, prompting users to create strong passwords for future logins. No universal default passwords are used, enhancing security from the start.
  • Reducing Entire Classes of Vulnerability: Object First regularly contracts with third-party testing services to perform penetration testing against its appliances to help find and remedy any security gaps.
  • Security Patches: Object First regularly releases product patches based on customer feedback and security findings, notifying customers via the product UI and other communication channels.
  • Vulnerability Disclosure Policy (VDP): Object First’s VDP is available to review on its website. Security concerns and reports can be brought to the company's attention directly through email at [email protected].
  • CVEs: Object First will publish a report of any Common Vulnerabilities and Exposures (CVEs) in 2024.
  • Evidence of Intrusions: Object First Ootbi’s audit logs and support bundles allow users to package and send reports directly to the company.

Object First aims to provide customers with a secure and reliable platform, and the efforts made in CISA’s Secure by Design pledge will further ensure that security is embedded throughout the company's operations and the design, development, and future versions of Ootbi.

For more information on our commitment to being ‘Secure by Design,’ view the full pledge here.