
Code Security and the Executive Order on Cybersecurity. What you need to know.

The last twelve months have shown just how high the stakes are for securing our nation's cybersecurity infrastructure. Colonial Pipeline, SolarWinds and Microsoft Exchange are just some of the most damaging attacks, with far-reaching consequences. Earlier this month, the White House signed an Executive Order (EO 14028, "Improving the Nation's Cybersecurity") charting a new course for our nation's cybersecurity infrastructure. 

In order to protect our most important technological infrastructure, the federal government is directing its own agencies, and encouraging the private sector, to modernize their approach to cybersecurity and invest in the key areas that have left us vulnerable.

We’re pleased to see our federal government understand the risks that our complex and interdependent software ecosystem can pose and how important it is to enhance the cybersecurity of the code itself. 

Here’s how we interpret the Executive Order and how it may affect our customers and partners:

  • Zero trust. "The Federal government must lead the way and increase its adoption of security best practices, including by employing a zero-trust security model." We believe zero trust is best practice and that our customers should be moving toward it for all critical systems, including software development. 
  • Secure the cloud. The Executive Order directs the federal government to lead the way in accelerating the move to secure cloud services. We agree, and have focused on adding security controls on top of the Git-based code sharing services GitHub, GitLab and Bitbucket.  
  • Improve software supply chain security. "The Executive Order will improve the security of software by establishing baseline security standards for development of software sold to the government, including requiring developers to maintain greater visibility into their software and making security data publicly available." Modern software isn't a monolithic code base; it's a collection of parts assembled from disparate sources. It's astounding how little most companies understand about the critical software that powers their business, and it's dangerous. This is why we at BluBracket work so hard to give companies true understanding and visibility into exactly what is in their software. We recently wrote an article on securing your software supply chain in four steps that gives concrete ideas in this important area.

We encourage our customers to start now on these initiatives. Begin by knowing your software bill of materials (SBOM) and who has access to your code. Most companies we work with discover their code in public repositories that were never authorized, just like SolarWinds. This leaves everyone open to hacker infiltration and IP theft. 
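The supply chain point above (software as parts assembled from disparate sources) and the first step recommended here, knowing your SBOM, are illustrated by the following added example. It is not BluBracket's code or a tool the post describes: it parses a constructed, pip-style requirements file into component records, flags components that are not pinned to an exact version or that carry no --hash (so a build could fetch a different or tampered artifact), and emits a minimal inventory using CycloneDX field names. The sample requirements and their digests are constructed placeholders, not real packages' hashes.

```python
"""Minimal SBOM inventory from a pinned Python requirements file.

Added example, not BluBracket's code.  The requirements text is
constructed and its digests are placeholders, not real package hashes.
Output reuses CycloneDX field names (bomFormat, components, purl,
hashes) but is not a schema-validated CycloneDX document.
"""
import json
import re

# Constructed sample: three pinned and hashed packages, one version
# range, one pinned package without a hash.  Digests are placeholders.
SAMPLE_REQUIREMENTS = """\
# requirements.txt (constructed for this example)
requests==2.25.1 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000001
urllib3==1.26.5 \\
    --hash=sha256:0000000000000000000000000000000000000000000000000000000000000002
certifi[extra]==2021.5.30 --hash=sha256:0000000000000000000000000000000000000000000000000000000000000003
idna>=2.5   # a range: each build may resolve a different artifact
chardet==4.0.0
"""

_NAME_RE = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*)$")
_PIN_RE = re.compile(r"^===?\s*([^,\s;]+)$")


def _logical_lines(text):
    """Strip comments and join backslash continuations (naive: a '#'
    inside a URL requirement would also be cut)."""
    buf = ""
    for raw in text.splitlines():
        line = re.sub(r"\s*#.*$", "", raw).strip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():
        yield buf.strip()


def parse_requirements(text):
    """Return one component record per requirement line."""
    components = []
    for line in _logical_lines(text):
        tokens = line.split()
        # Everything before the first --option is the requirement spec.
        opt_at = next((i for i, t in enumerate(tokens) if t.startswith("--")), len(tokens))
        spec, options = " ".join(tokens[:opt_at]), tokens[opt_at:]
        m = _NAME_RE.match(spec)
        if not m:
            raise ValueError("unparseable requirement: %r" % line)
        name, _extras, version_spec = m.groups()
        version_spec = version_spec.split(";", 1)[0].strip()  # drop env markers
        pin = _PIN_RE.match(version_spec)
        components.append({
            "name": re.sub(r"[-_.]+", "-", name).lower(),  # PEP 503 normalization
            "version": pin.group(1) if pin else None,
            "pinned": pin is not None,
            "spec": version_spec,
            "hashes": [o.split("=", 1)[1] for o in options if o.startswith("--hash=")],
        })
    return components


def audit(components):
    """Findings for components the manifest alone cannot reproduce or verify."""
    findings = []
    for c in components:
        if not c["pinned"]:
            findings.append("%s: not pinned to an exact version (spec %r)"
                            % (c["name"], c["spec"] or "any"))
        elif not c["hashes"]:
            findings.append("%s==%s: pinned but no --hash, so the downloaded "
                            "artifact is never verified" % (c["name"], c["version"]))
    return findings


def build_sbom(components):
    """Map component records onto CycloneDX-style JSON fields."""
    return {
        "bomFormat": "CycloneDX",
        "specVersion": "1.4",
        "components": [{
            "type": "library",
            "name": c["name"],
            "version": c["version"] or "unresolved",
            "purl": "pkg:pypi/%s@%s" % (c["name"], c["version"]) if c["version"] else None,
            # pip writes "sha256:<hex>"; CycloneDX spells the algorithm "SHA-256".
            "hashes": [{"alg": h.split(":", 1)[0].upper().replace("SHA", "SHA-"),
                        "content": h.split(":", 1)[1]} for h in c["hashes"]],
        } for c in components],
    }


if __name__ == "__main__":
    comps = parse_requirements(SAMPLE_REQUIREMENTS)
    print(json.dumps(build_sbom(comps), indent=2))
    for finding in audit(comps):
        print("FINDING:", finding)
```

Run as a script it prints the inventory and two findings (idna is a version range, chardet is pinned without a hash). In practice the records would come from a resolved lockfile rather than a hand-edited requirements file, and the companion step the post recommends, reviewing who can push to the repositories holding that lockfile, is what keeps the inventory trustworthy.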

BluBracket was founded to solve a pressing need: securing code up and down the development cycle. We saw how code sharing, cloud-native development and containerization have left companies open to attack. The SolarWinds compromise started with code and is just one such example. 

We applaud these moves by the Federal Government to strengthen our cybersecurity posture and look forward to playing a key role in advancing code security and software supply chain integrity for the industry and our customers. 

If you'd like to learn more about code security, please contact us.

*** This is a Security Bloggers Network syndicated blog from BluBracket authored by Amanda McPherson. Read the original post at: https://blubracket.com/code-security-and-the-executive-order-on-cybersecurity-what-you-need-to-know/