Jason Green
Sonatype Blog

NIST: Adopt a Secure Software Development Framework (SSDF) to Mitigate Risk of Software Vulnerabilities

| | devops frameworks, Everything Open Source, government, government open source software (GOSS), Industry commentary, NIST, open source goveranance, Open Source Security
This Spring, the National Institute of Standards and Technology (NIST), released updated recommendations (.pdf) to improve software resilience against vulnerabilities. This builds on an earlier, four-part framework released last year. As the department explains: Few software development life cycle (SDLC) models explicitly address software security in detail, so secure software ... Read More
Sonatype Blog

Six Memorable Sessions with Government DevSecOp Leaders: What We Learned

| | Cybersecurity, DevSecOps, DevSecOps journey, DevSecOps Leadership Forum, FEATURED, government
The afternoon of May 6th made clear that the time for DevSecOps is now across the federal government. An audience of over 500 attendees across the public sector joined together online to connect with five government DevSecOps pathfinders and one notorious white hat hacker. These sessions are now recorded and ... Read More
Sonatype Blog

Top 6 Reasons the Time is Now for DevSecOps in the Federal Government

| | Cybersecurity, DevSecOps, FEATURED, government
Underpinning all modern technology - software and hardware - is a supply chain. However, even as “software eats the world,” or we could argue “ate the world,” there is still too little understanding of the software supply chain, with continued focus on hardware. The reality, however, is that software is ... Read More
Sonatype Blog