Object First, the creator of
Ootbi (Out-of-the-Box-Immutability), the ransomware-proof backup storage appliance purpose-built for Veeam, announced it signed the
‘Secure by Design' pledge
created by the U.S. Cybersecurity and Infrastructure Security Agency
(CISA). The pledge commits software manufacturers to continuously
improve the security of their enterprise software products and services
to build a safer business ecosystem for partners and customers.
"We are proud to sign CISA's Secure by Design pledge and believe all
other vendors should show their commitment to security and do the same,"
said David Bennett, CEO of Object First. "With 189 of our peers
- and growing - we seek to set an industry standard for securing
software products and services to reduce risk to our cyber and physical
infrastructure. Object First is committed to highlighting our progress
as we work to achieve and maintain all seven goals outlined in the
pledge."
As part of CISA's effort, Object First pledges to meet the following
seven criteria that are core to the Secure by Design pledge:
-
Multi-Factor Authentication (MFA): Object First's Ootbi supports MFA, which can be enabled during initial setup via the settings module in the product web UI.
-
Default Passwords: Object First uses unique passwords for initial
configuration, prompting users to create strong passwords for future
logins. No universal default passwords are used, enhancing security from
the start.
-
Reducing Entire Classes of Vulnerability: Object First regularly
contracts with third-party testing services to perform penetrative
testing against its appliances to help find and remedy any security
gaps.
-
Security Patches: Object First regularly releases product patches
based on customer feedback and security findings, notifying customers
via the product UI and other communication channels.
-
Vulnerability Disclosure Policy (VDP): Object First's VDP is available to review on its website. Security concerns and reports can be brought to the company's attention directly through email at security@objectfirst.com.
-
CVEs: Object First will publish a report of any Common Vulnerabilities and Exposures (CVEs) in 2024.
-
Evidence of Intrusions: Object First Ootbi's audit logs and support bundles allow users to package and send reports directly to the company.
Object First aims to provide customers with a secure and reliable
platform, and the efforts made in CISA's Secure by Design pledge will
further ensure that security is embedded throughout the company's
operations and the design, development, and future versions of Ootbi.
For more information on our commitment to being ‘Secure by Design,' view the full pledge here.