
Katie Arrington discusses making development move at the speed of relevance

Historically, the advent of Agile development increased the ability of software developers to create apps that met real-time objectives. Then, the rise of DevOps pushed for coordinated efforts between developers and operations by moving operations to the left. Now, DevSecOps strives for baked-in security by moving security to the left in the application development process, as well.

But, can government agencies develop software applications at the speed of relevance while still ensuring security, interacting with previous application development, and actively thwarting the efforts of skilled adversaries?

Katie Arrington, Chief Information Security Officer (CISO) for the Office of the Under Secretary of Defense for Acquisition, recently answered this question and explained how the Department of Defense is doing exactly that. And there are few more qualified to do so, as it’s Arrington’s responsibility to oversee cybersecurity efforts across the military and ensure that best practices are embraced throughout.

Arrington addressed an audience of government and private sector security personnel at the recent Sonatype-sponsored DevSecOps Federal Leadership Forum, where she and other government cybersecurity decision-makers discussed the challenges government organizations face in software and application development. During her remarks, Arrington argued that cybersecurity is a foundational element of application development and acquisition, and that these foundational elements must be done right “every single time.”

Security is not a checklist of do’s and don’ts

The National Development Authorization Act (NDAA) tasked the Defense Innovation Board (DIB) with a study to better understand how to streamline software development and acquisition. This study, the Software Acquisition and Practices (SWAP) study, put forward key recommendations.

“The DIBSWAP study wasn’t done by the government. It was done by industry professionals looking at the government software development and acquisition process,” Arrington explained. She went on to summarize the study’s findings, saying, “You can’t buy (Read more...)

*** This is a Security Bloggers Network syndicated blog from Sonatype Blog authored by Ryan Schradin. Read the original post at: https://blog.sonatype.com/katie-arrington
