-

Object First Signs CISA’s Secure by Design Pledge

Commitment to Continuously Improve Product Security to Benefit Ecosystem of Vendors, Partners and Customers

BEVERLY, Mass.--(BUSINESS WIRE)--Object First, the creator of Ootbi (Out-of-the-Box-Immutability), the ransomware-proof backup storage appliance purpose-built for Veeam®, today announced it signed the ‘Secure by Design’ pledge created by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The pledge commits software manufacturers to continuously improve the security of their enterprise software products and services to build a safer business ecosystem for partners and customers.

“We are proud to sign CISA's Secure by Design pledge and believe all other vendors should show their commitment to security and do the same,” said David Bennett, CEO of Object First. “With 189 of our peers — and growing — we seek to set an industry standard for securing software products and services to reduce risk to our cyber and physical infrastructure. Object First is committed to highlighting our progress as we work to achieve and maintain all seven goals outlined in the pledge.”

As part of CISA’s effort, Object First pledges to meet the following seven criteria that are core to the Secure by Design pledge:

  • Multi-Factor Authentication (MFA): Object First’s Ootbi supports MFA, which can be enabled during initial setup via the settings module in the product web UI.
  • Default Passwords: Object First uses unique passwords for initial configuration, prompting users to create strong passwords for future logins. No universal default passwords are used, enhancing security from the start.
  • Reducing Entire Classes of Vulnerability: Object First regularly contracts with third-party testing services to perform penetrative testing against its appliances to help find and remedy any security gaps.
  • Security Patches: Object First regularly releases product patches based on customer feedback and security findings, notifying customers via the product UI and other communication channels.
  • Vulnerability Disclosure Policy (VDP): Object First’s VDP is available to review on its website. Security concerns and reports can be brought to the company's attention directly through email at security@objectfirst.com.
  • CVEs: Object First will publish a report of any Common Vulnerabilities and Exposures (CVEs) in 2024.
  • Evidence of Intrusions: Object First Ootbi’s audit logs and support bundles allow users to package and send reports directly to the company.

Object First aims to provide customers with a secure and reliable platform, and the efforts made in CISA’s Secure by Design pledge will further ensure that security is embedded throughout the company's operations and the design, development, and future versions of Ootbi.

For more information on our commitment to being ‘Secure by Design,’ view the full pledge here.

To learn more about Object First, please visit objectfirst.com and follow on LinkedIn and X.

About Object First

Ransomware-proof and immutable out-of-the-box, Ootbi by Object First delivers secure, simple, and powerful backup storage for Veeam® customers. The appliance can be racked, stacked, and powered in 15-minutes. Ootbi is built on immutable object storage technology designed and optimized for unbeatable backup and recovery performance. Eliminate the need to sacrifice performance and simplicity to meet budget constraints with Ootbi by Object First.

Contacts

Press Contact
Gabrielle Redwine
PAN Communications for Object First
objectfirst@pancomm.com

Object First


Release Versions

Contacts

Press Contact
Gabrielle Redwine
PAN Communications for Object First
objectfirst@pancomm.com

More News From Object First

Object First Named on The Channel Company’s MES Midmarket 100 List for Third Consecutive Year

DENVER--(BUSINESS WIRE)--Object First, the ransomware-proof on-premises backup storage company, today announced that it has been highlighted for the third straight year by MES Computing, a brand of The Channel Company, on its 2026 MES Midmarket 100 list.The annual MES Midmarket 100 recognizes technology vendors with deep knowledge of the unique IT needs of midmarket organizations. These vendors are committed to delivering future-focused products and services that support growth, innovation, and...

Object First Voted Enterprise Backup Hardware Vendor of the Year and Ransomware Company of the Year at 2026 Storage Awards

DENVER--(BUSINESS WIRE)--Object First, the ransomware-proof on-premises backup storage company, today announced it received two honors at the 23rd annual Storage Awards in London on June 18: ‘Ransomware Company of the Year’, for its leadership in ransomware protection and cyber resilience, and ‘Enterprise Backup Hardware Vendor of the Year.’ Chosen by public vote from across the UK technology community, both wins reflect the industry’s trust in Object First as a leader in enterprise data protect...

Object First Surges in Q1 2026 as Immutability Becomes a Security Requirement for Backup

DENVER--(BUSINESS WIRE)--Object First reports 118% YoY Q1 bookings growth as enterprises make immutable backup storage a security requirement...
Back to Newsroom