
Cribl’s Commitment to CISA’s Secure by Design Pledge

Last edited: June 3, 2025

At Cribl, security is integrated into every stage of our product development and deployment processes. When the Cybersecurity and Infrastructure Security Agency (CISA) released its Secure by Design Pledge, it called on organizations to proactively build protections and safeguards into the heart of their software products.

Cribl was proud to be among the first organizations to sign the CISA Secure by Design Pledge, reinforcing our ongoing commitment to proactive, built-in security for our customers, partners, and community.

Embracing Security-by-Design as a Foundational Element

CISA’s pledge is about changing the organizational mindset: security must be a foundational requirement, not an afterthought. At Cribl, this ethos is embedded into how we build, test, and ship our products.

As explained in our Blueprint for Secure Software Development, our Secure Software Development Lifecycle (SSDLC) ensures that security requirements are documented and threat modeling begins in the earliest stages of product planning.

Secure by Default, Not by Effort

Customers shouldn’t need to harden products themselves to feel secure. That’s why secure-by-default configurations are central to how we ship software.

Cribl’s platform enforces sensible secure defaults for data encryption, user authentication, and role-based access. Cribl also maintains guidance on further securing Cribl Cloud, Hybrid, and OnPrem deployments.

Patch Responsibly. Prevent Proactively.

Cribl’s Engineering teams are mandated—both by policy and executive direction—to deliver timely security updates across products and infrastructure. But beyond patching, Cribl’s Engineering team is dedicated to eliminating entire classes of vulnerabilities. For every novel vulnerability discovered in Cribl’s software:

  • A root cause analysis (RCA) is performed

  • A secure coding pattern is documented when needed

  • A custom static analysis (SAST) rule is created when applicable

These SAST rules help us detect similar risks elsewhere and deliver just-in-time feedback to developers via IDE plugins and pull request checks.

Partnering with the Security Researcher Community

We’re grateful to the researchers who help make the internet safer and strongly encourage participation in Cribl’s Vulnerability Disclosure Program. All issues are promptly reviewed for potential remediation.

If you have a security concern related to Cribl’s products, let us know—we’re listening and taking action.

Enabling Proactive Threat Detection

CISA urges organizations to actively monitor their environments, and Cribl is no exception.

In fact, Cribl’s Security Teams leverage the power of Cribl Search to monitor our internal logs and perform active threat hunting. Check out some of our threat hunting blogs for insights on how you too can leverage Cribl.

Demonstrating Accountability and Continuous Improvement

What This Goal Means

CISA’s pledge underscores that secure-by-design efforts should be measurable, continuously assessed, and improved upon. Accountability—both internally and externally—drives sustained progress.

How Cribl Delivers

  • Metrics & Evaluation: We measure mean time to remediate (MTTR) and code coverage metrics for security testing to inform continuous improvement.

  • Security Training & Maturity: Cribl’s explosively popular Security Champions Program is dedicated to elevating the security expertise of our engineers, who are also required to complete annual secure coding training.

  • Public Commitments & Engagement: Cribl continues to demonstrate accountability to customers, partners, and the wider security community through our security blog series and transparency concerning our internal practices.

The Journey Continues!

Security is a continuous journey, not a finish line. We’re constantly improving, innovating, and sharing what we learn—so others can benefit, too.

By deeply integrating security into our culture and operations—and aligning with the CISA Secure by Design Pledge—Cribl delivers products that help organizations unlock the value of their data without sacrificing security or peace of mind.

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy. Customers use Cribl’s suite of products to collect, process, route, and analyze all IT and security data, delivering the flexibility, choice, and control required to adapt to their ever-changing needs.

We offer free training, certifications, and a free tier across our products. Our community Slack features Cribl engineers, partners, and customers who can answer your questions as you get started and continue to build and evolve. We also offer a variety of hands-on Sandboxes for those interested in how companies globally leverage our products for their data challenges.
