
Botkeeper Signs the CISA Secure by Design Pledge


At Botkeeper, security isn't an afterthought—it's foundational. As an AI-powered software company automating bookkeeping for thousands of accounting firms, we understand the trust our clients place in us to manage and protect their sensitive financial data.

That’s why today, we’re proud to announce that Botkeeper has officially signed the CISA Secure by Design Software Pledge, joining a pioneering group of just 302 organizations, such as Microsoft, Google, AWS, Cisco, Dell, HP, BlackBerry and more, that have committed to building cybersecurity into the DNA of their software development lifecycle and are aligning with CISA’s mission to foster a safer digital ecosystem. You can view the full list of signatories here.


What Is the Secure by Design Pledge?

The Secure by Design Pledge, launched by the Cybersecurity and Infrastructure Security Agency (CISA), is a bold initiative to shift the responsibility of cybersecurity from end users to software manufacturers. It outlines key commitments companies can take to embed security into every phase of software development from design and development to deployment and maintenance, including:

  • Taking ownership of security outcomes for customers.

  • Embracing radical transparency around vulnerabilities and risk.

  • Leading from the top, making secure design a core business priority.

By signing the pledge, Botkeeper is committing to the following seven core actions:

Increase the Use of Multi-Factor Authentication (MFA)

We will ensure MFA is not just available, but enabled by default for all users, reducing the risk of unauthorized access.

Reduce Default Passwords

We will eliminate default passwords from our systems and encourage secure credential practices from the start.

Increase the Use of Memory Safe Programming Languages

Where feasible, we will adopt programming languages that help prevent memory-related vulnerabilities (e.g., buffer overflows).

Secure the Build Environment

We will harden our development environments to prevent tampering, including implementing strong identity management and access controls.

Establish a Vulnerability Disclosure Policy

We commit to having a clear, accessible policy that encourages researchers and users to report vulnerabilities responsibly—and we will respond to these disclosures swiftly.

Consider Security Requirements of Customers of All Sizes

Whether you're a startup or a large enterprise, Botkeeper will build security features that are accessible and scalable to your needs.

Demonstrate Transparency in Vulnerability Reporting

We will openly share information about vulnerabilities in our software and provide clear, actionable guidance to mitigate risks.


Why This Matters

Cybersecurity threats are escalating at an unprecedented pace. With every line of code and every feature shipped, software companies must take more responsibility than ever before.

By signing the pledge, Botkeeper formalizes what has always been our practice: baking security into every phase of our AI bookkeeping platform, from development and deployment to daily operations and beyond. In short, the pledge is a public affirmation that security is not a feature—it’s a fundamental responsibility. At Botkeeper, we’re integrating these principles deeply into our AI-powered platform to protect your data, your business, and your trust.

What This Means for Our Clients

Our signature on the Secure by Design Pledge is more than symbolic. It signals several tangible benefits for our clients and partners:

🔐 Proactive Protection: We’re doubling down on secure software architectures and default security configurations to minimize risks before they arise.

🧠 AI with Accountability: As an AI-driven company, we’re investing in responsible and transparent AI practices, ensuring financial data is managed ethically and securely.

🧩 Minimal Default Privileges: We’re re-evaluating permissions and access to ensure the principle of least privilege is consistently applied across our platform.

📢 Open Communication: In the event of vulnerabilities or incidents, you can expect swift, clear, and transparent communication from us.


Looking Ahead

Cybersecurity is a journey, not a destination. Signing the CISA pledge is one step—albeit a critical one—in our ongoing mission to provide secure, reliable, and intelligent bookkeeping solutions to our clients. We’re determined to lead by example in the accounting automation industry.

As we innovate and expand our AI capabilities, security will continue to be at the heart of everything we do. After all, great software doesn’t just work—it protects.

Hundreds of firms trust Botkeeper with their business. You can, too.

 
