At Cribl, security is integrated into every stage of our product development and deployment processes. When the Cybersecurity and Infrastructure Security Agency (CISA) released its Secure by Design Pledge, it called on organizations to proactively build protections and safeguards into the heart of their software products.
Cribl was proud to be among the first organizations to sign the CISA Secure by Design Pledge, reinforcing our ongoing commitment to proactive, built-in security for our customers, partners, and community.
Embracing Security-by-Design as a Foundational Element
CISA’s pledge is about changing the organizational mindset: security must be a foundational requirement, not an afterthought. At Cribl, this ethos is embedded into how we build, test, and ship our products.
As explained in our Blueprint for Secure Software Development, our Secure Software Development Lifecycle (SSDLC) ensures that security requirements are documented and threat modeling begins in the earliest stages of product planning.
Secure by Default, Not by Effort
Customers shouldn’t need to harden products themselves to feel secure. That’s why secure-by-default configurations are central to how we ship software.
Cribl’s platform enforces sensible secure defaults for data encryption, user authentication, and role-based access. Cribl also maintains guidance on further securing Cribl Cloud, Hybrid, and OnPrem deployments.
Patch Responsibly. Prevent Proactively.
Cribl’s Engineering teams are mandated—both by policy and executive direction—to deliver timely security updates across products and infrastructure. But beyond patching, Cribl’s Engineering team is dedicated to eliminating entire classes of vulnerabilities. For every novel vulnerability discovered in Cribl’s software:
A root cause analysis (RCA) is performed
A secure coding pattern is documented when needed
A custom static analysis (SAST) rule is created when applicable
These SAST rules help us detect similar risks elsewhere and deliver just-in-time feedback to developers via IDE plugins and pull request checks.
Partnering with the Security Researcher Community
We’re grateful to the researchers who help make the internet safer and strongly encourage participation in Cribl’s Vulnerability Disclosure Program. All issues are promptly reviewed for potential remediation.
If you have a security concern related to Cribl’s products, let us know—we’re listening and taking action.
Enabling Proactive Threat Detection
CISA urges organizations to actively monitor their environments, and Cribl is no exception.
In fact, Cribl’s Security Team leverages the power of Cribl Search to monitor our internal logs and perform active threat hunting. Check out some of our threat hunting blogs for insights on how you too can leverage Cribl:
Demonstrating Accountability and Continuous Improvement
What This Goal Means
CISA’s pledge underscores that secure-by-design efforts should be measurable, continuously assessed, and improved upon. Accountability—both internally and externally—drives sustained progress.
How Cribl Delivers
Metrics & Evaluation: We measure mean time to remediate (MTTR) and code coverage metrics for security testing to inform continuous improvement.
Security Training & Maturity: Cribl’s explosively popular Security Champions Program is dedicated to elevating the security expertise of our engineers, who are also required to complete annual secure coding training.
Public Commitments & Engagement: Cribl continues to demonstrate accountability to customers, partners, and the wider security community through our security blog series and transparency concerning our internal practices.
The Journey Continues!
Security is a continuous journey, not a finish line. We’re constantly improving, innovating, and sharing what we learn—so others can benefit, too.
By deeply integrating security into our culture and operations—and aligning with the CISA Secure by Design Pledge—Cribl delivers products that help organizations unlock the value of their data without sacrificing security or peace of mind.