The United States Cybersecurity and Infrastructure Agency (CISA) has released best practices for technology companies, known as the Secure-by-Design pledge. Cloudflare has signed this pledge to demonstrate its commitment to creating resilient systems where security is a foundational principle. The company's Linux kernel updates pose significant challenges due to the need to balance security patching with user experience. To address this, Cloudflare employs a calculated approach, carefully removing traffic from servers before rebooting them. This process involves marking servers for maintenance, stopping traffic, and disabling internal traffic. Additionally, the company has developed Reboau, an internally-built tool to manage custom reboot logic in its Control Plane. By leveraging Reboau and following CISA's Secure by Design principles, Cloudflare aims to improve security and reliability for its customers.