Botkeeper Signs the CISA Secure by Design Pledge

The Secure by Design Pledge, launched by the Cybersecurity and Infrastructure Security Agency (CISA), is a bold initiative to shift the responsibility of cybersecurity from end users to software manufacturers. It outlines key commitments companies can take to embed security into every phase of software development from design and development to deployment and maintenance, including:

• Taking ownership of security outcomes for customers.

• Embracing radical transparency around vulnerabilities and risk.

• Leading from the top, making secure design a core business priority.

By signing the pledge, Botkeeper is committing to the following (7) core actions:

Increase the Use of Multi-Factor Authentication (MFA)

We will ensure MFA is not just available, but enabled by default for all users, reducing the risk of unauthorized access.

Reduce Default Passwords

We will eliminate default passwords from our systems and encourage secure credential practices from the start.

Increase the Use of Memory Safe Programming Languages

Where feasible, we will adopt programming languages that help prevent memory-related vulnerabilities (e.g., buffer overflows).

Secure the Build Environment

We will harden our development environments to prevent tampering, including implementing strong identity management and access controls.

Establish a Vulnerability Disclosure Policy

We commit to having a clear, accessible policy that encourages researchers and users to report vulnerabilities responsibly—and we will respond to these disclosures swiftly.

Consider Security Requirements of Customers of All Sizes

Whether you're a startup or a large enterprise, Botkeeper will build security features that are accessible and scalable to your needs.

Demonstrate Transparency in Vulnerability Reporting

We will openly share information about vulnerabilities in our software and provide clear, actionable guidance to mitigate risks.

Why This Matters

Cybersecurity threats are escalating at an unprecedented pace. With every line of code and every feature shipped, software companies must take more responsibility than ever before.

By signing the pledge, Botkeeper formalizes what has always been our practice: baking security into every phase of our AI bookkeeping platform, from development and deployment to daily operations and beyond. In short, the pledge is a public affirmation that security is not a feature—it’s a fundamental responsibility. At Botkeeper, we’re integrating these principles deeply into our AI-powered platform to protect your data, your business, and your trust.

What This Means for Our Clients

Our signature on the Secure by Design Pledge is more than symbolic. It signals several tangible benefits for our clients and partners:

🔐 Proactive Protection: We’re doubling down on secure software architectures and default security configurations to minimize risks before they arise.

🧠 AI with Accountability: As an AI-driven company, we’re investing in responsible and transparent AI practices, ensuring financial data is managed ethically and securely.

🧩 Minimal Default Privileges: We’re re-evaluating permissions and access to ensure the principle of least privilege is consistently applied across our platform.

📢 Open Communication: In the event of vulnerabilities or incidents, you can expect swift, clear, and transparent communication from us.